Start M2M Client Secret Rotation

POST https://test.stytch.com/v1/m2m/clients/{client_id}/secrets/rotate/start

Initiate the rotation of an M2M client secret. After this endpoint is called, both the client's client_secret and next_client_secret will be valid. To complete the secret rotation flow, update all usages of client_secret to next_client_secret and call the Rotate Secret Endpoint to complete the flow. Secret rotation can be cancelled using the Rotate Cancel Endpoint.

Important: This is the only time you will be able to view the generated next_client_secret in the API response. Stytch stores a hash of the next_client_secret and cannot recover the value if lost. Be sure to persist the next_client_secret in a secure location. If the next_client_secret is lost, you will need to trigger a secret rotation flow to receive another one.


Path parameters

client_id* string

Response fields

status_code int

request_id string

m2m_client object

curl --request POST \
	--url https://test.stytch.com/v1/m2m/clients/m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885/secrets/rotate/start \
	-u 'PROJECT_ID:SECRET'

RESPONSE

200
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "m2m_client": {
        "client_id":"m2m-client-test-d731954d-dab3-4a2b-bdee-07f3ad1be885",
        "next_client_secret":"NHQhc7ZqsXJVtgmN2MXr1etqsQrGAwJ-iBWNLKY7DzJj",
        "client_name":"Example client name",
        "client_description":"Example client description.",
        "client_secret_last_four":"DzJj",
        "next_client_secret_last_four":"DzJj",
        "status":"active",
        "scopes":["read:users","write:users"],
        "trusted_metadata":{}
    }
}
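
An added example (not part of Stytch's documentation or SDK): one way to handle the start-rotation response so that next_client_secret is written to an owner-only file before anything is logged, and only a redacted copy reaches the logs. The function name, the `<client_id>.next` file layout under `secret_dir`, and the sample response values are assumptions constructed for illustration.

```python
import json
import os
import tempfile

# Constructed sample shaped like the response above; all values are made up.
SAMPLE_RESPONSE = json.dumps({
    "status_code": 200,
    "request_id": "request-id-test-constructed",
    "m2m_client": {
        "client_id": "m2m-client-test-constructed",
        "next_client_secret": "constructed-secret-value-AbCd",
        "next_client_secret_last_four": "AbCd",
        "status": "active",
    },
})


def persist_next_secret(response_body: str, secret_dir: str) -> dict:
    """Write next_client_secret to an owner-only file; return a log-safe copy.

    Hypothetical helper: the <client_id>.next file layout is an assumption.
    """
    body = json.loads(response_body)
    client = body.get("m2m_client") or {}
    secret = client.get("next_client_secret")
    client_id = client.get("client_id", "")
    if body.get("status_code") != 200 or not secret:
        raise ValueError("response carries no next_client_secret")
    # The client_id becomes a file name, so refuse anything path-like.
    if not client_id or os.path.basename(client_id) != client_id:
        raise ValueError("unexpected client_id")
    # Assumption from the sample response: the hint is the secret's last four.
    if not secret.endswith(client.get("next_client_secret_last_four") or ""):
        raise ValueError("secret does not match next_client_secret_last_four")
    # mkstemp creates the file with mode 0600; fsync, then rename atomically.
    fd, tmp = tempfile.mkstemp(dir=secret_dir)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(secret)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, os.path.join(secret_dir, client_id + ".next"))
    except BaseException:
        os.unlink(tmp)
        raise
    # Only now, with the secret durable, build the copy that may be logged.
    return dict(body, m2m_client=dict(client, next_client_secret="[REDACTED]"))
```

Log only the returned dictionary, never the raw response body; a secrets manager can take the place of the file write without changing the persist-then-redact order.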

Common Error Types