Rotate a Client Secret for an API Service Integration

To rotate the client secret for an API service integration, you need to generate a secret in Okta and then use that new secret in your API service app. After the app uses the new client secret for authentication, you can deactivate and delete the old secret. You can generate up to two client secrets for your API service integration.

  1. In the Admin Console, go to Applications > API Service Integrations.
  2. Select the API service integration whose client secret you want to rotate.
  3. In the Client Secrets section of the General tab, click Generate new secret. A dialog box opens and displays the new client secret.
  4. Click Copy to clipboard, and then save the client secret. The client secret appears only once for enhanced security. You won’t be able to retrieve the new secret after you close the dialog box.
  5. Click Done. The new and previous client secrets appear as hashed values in the Client Secrets list. Both client secrets are active by default.
  6. Use the newly generated client secret to update your API service integration connection. After you’ve confirmed that the integration is using the new client secret, you can deactivate or delete the old one.
  7. In the Admin Console, set the status for the previous client secret to Inactive.
  8. Optional. Select Inactivate > Delete to delete the previous client secret.
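
One way to confirm step 6 before deactivating the previous secret in step 7 is to request a token with the new secret only and check that Okta issues one. This is an added example, not code from the Okta documentation. It assumes the integration authenticates with the OAuth 2.0 client credentials grant against the org token endpoint `/oauth2/v1/token`; the environment variable names and the default scope are also assumptions.

```python
import base64
import json
import os
import urllib.error
import urllib.parse
import urllib.request


def build_token_request(okta_domain, client_id, client_secret, scope):
    """Client-credentials token request that authenticates with one specific secret."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    form = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return urllib.request.Request(
        f"https://{okta_domain}/oauth2/v1/token",  # assumed org token endpoint
        data=form.encode(),
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"},
        method="POST",
    )


def secret_is_accepted(request, send=urllib.request.urlopen):
    """Return (ok, reason). The reason never contains the secret or the token."""
    try:
        with send(request, timeout=10) as resp:
            payload = json.load(resp)
    except urllib.error.HTTPError as err:
        try:
            code = json.load(err).get("error", "unknown_error")
        except (ValueError, AttributeError):
            code = "unparseable_error_body"
        return False, f"HTTP {err.code}: {code}"
    except urllib.error.URLError as err:
        return False, f"network error: {err.reason}"
    if "access_token" not in payload:
        return False, "response contained no access_token"
    return True, "token issued"


if __name__ == "__main__":
    # Assumed variable names; reading the secret from the environment keeps
    # it out of shell history and process listings.
    req = build_token_request(os.environ["OKTA_DOMAIN"], os.environ["OKTA_CLIENT_ID"],
                              os.environ["OKTA_NEW_CLIENT_SECRET"],
                              os.environ.get("OKTA_SCOPE", "okta.users.read"))
    ok, reason = secret_is_accepted(req)
    print("new secret accepted" if ok else f"new secret rejected ({reason})")
    raise SystemExit(0 if ok else 1)
```

A non-zero exit means the new secret was not accepted, so the previous secret should stay active until the connection is fixed.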

Related topics

Add an API Service Integration

Revoke an API Service Integration