Oauth Client Secret Rotation

RWeinsh · ‎08-20-2023

Hey! We would like to know if the api supports Oauth Client Secret Rotation.
We would like to rotate our application client secret without impacting the current tokens.
Is this supported?

Darshil_Shah1 · ‎08-20-2023

Well, Marketo has an identity endpoint to create the short-lived (60-minute) OAUTH bearer access token, however, the Client ID and Client Secret that are required to create this access token need to be added manually, and there's no API for it. You'd need to update this in your properties file (or the place where you have these hard-coded and referenced everywhere from it). Upon switching the Client ID and Client Secret with valid values, you should not see any downtime/issues with creating the access token, so your integration should not get impacted.

View solution in original post

Darshil_Shah1 · ‎08-20-2023

Well, Marketo has an identity endpoint to create the short-lived (60-minute) OAUTH bearer access token, however, the Client ID and Client Secret that are required to create this access token need to be added manually, and there's no API for it. You'd need to update this in your properties file (or the place where you have these hard-coded and referenced everywhere from it). Upon switching the Client ID and Client Secret with valid values, you should not see any downtime/issues with creating the access token, so your integration should not get impacted.

Oauth Client Secret Rotation

Oauth Client Secret Rotation

Re: Oauth Client Secret Rotation

Re: Oauth Client Secret Rotation