Occasionally, someone departs the company that had access to Client ID and Client Secret values for an API user.
It would be nice to be able to update that API user with a new "Client ID" and "Client Secret" rather than have to delete it -- so that you're certain departed employees don't have access to those values without having to delete the API user and recreate it.
What's the benefit of this over deleting an existing record and creating a new client? The credentials still need to be updated in the third-party service if the secret was changed, and deletion immediately revokes API client credentials.
Hmm... good point. So — yeah — I guess this wouldn't really solve anything.
Is there a smart way to avoid this sort of headache?
At this time there's not really a better way. We are working on providing a means of securely transferring credentials between Marketo and ISVs, which would eliminate the need for an end-user to access and transfer credentials to application providers, but this won't become available this year. This would mean that users would never have direct access to API credentials, though you will still be able to revoke access thru the same means when we offer this option.
Not sure what the headache is... delete the Custom service, no?
I mean having a granular relationship between apps and service definitions is advisable. I see people start out granular and then start sharing, and that's a mistake.
Yeah. I think this is the thing. People had direct access, so you worry, when they leave, whether those credentials are out there somewhere.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.