Menu

How do I change my API secret?

Question

I am unable to change my API secret

How do I change my API secret?

 

Answer

You can change your API secret using the Nexmo Secret Management API. This article demonstrates how to change your API secret using Postman software or the command line tool, cURL.

Each Nexmo account can have up to two API secrets at any time. This allows you to create a second API secret, test your application and deploy the new configuration to production without interrupting your customer's service. Once that's done, you can revoke the existing API secret until you need to rotate your credentials again.

 

Postman

1. Open a new tab in your current or new collection and enter the following GET request url: https://api.nexmo.com/accounts/YOUR_API_KEY/secrets/

 

2. Add the following headers: (Key) Authorization (Value) Basic YOUR_API_KEY_AND_SECRET & (Key) Content-Type (Value) application/json

2a. Note that the Nexmo Secret Management API requires authentication to be done using an API key and secret sent Base64-encoded in the Authorization header. For example, if your API key is 'abcd123' and secret '12345qwerty' you would concatenate the key and secret with a : (colon) symbol and then encode them using Base64 encoding. There are many ways to generate Base64 strings, here is a website to help you encode your api key and secret. 

2b. Your postman collection should now look something like this:

Screen_Shot_2018-10-05_at_15.01.58.png

3. Send the API request. The API will return all secrets, along with secret_id and created_at time. The value of the secret will never be shown. Make a note of the ID that is relatively more aged (see the "created_at" value) Note, if you only have 1 API secret configured, go directly to step 5

4. Now we need to revoke the API secret that you just made a note of. Keeping the same headers, create a new request (tab), change your HTTP request to DELETE and append the URL with the secret ID

4a. Your postman collection should now look something like this:

Screen_Shot_2018-10-05_at_15.01.22.png

4c. Send the API request. 

5. We will now proceed to create a new API secret. Keeping the same headers, create a new request (tab), change your HTTP request to POST with URL https://api.nexmo.com/accounts/YOUR_API_KEY/secrets/

6. Go to the "Body" tab and select raw with JSON (application/json) as your encoding type

7. Type your new API secret in JSON format, for example: { "secret": "YOUR_NEW_SECRET" }

7a. New API secrets must meet the following rules:

  • Minimum 8 characters
  • Maximum 25 characters
  • Minimum 1 lower case character
  • Minimum 1 upper case character
  • Minimum 1 digit

7b. Your postman collection should now look something like this:

Screen_Shot_2018-10-05_at_13.51.02.png

7c. Send the API request. The API response will contain a new secret ID.

8. Now we can validate the API secret has been created successfully. Login to the Nexmo Dashboard and navigate to settings. Ensure that the secret you created is detailed in either "API secret 1" or ""2

8b. If necessary, revoke a given API secret by following steps 3 to 4

Remember to update your application/environment accordingly with the new API secret

 

 

 

cURL

1. Create a GET request as follows. 

1a. Note that the Nexmo Secret Management API requires authentication to be done using an API key and secret sent Base64-encoded in the Authorization header. For example, if your API key is 'abcd123' and secret '12345qwerty' you would concatenate the key and secret with a : (colon) symbol and then encode them using Base64 encoding. There are many ways to generate Base64 strings, here is a website to help you encode your api key and secret. 

curl -X GET https://api.nexmo.com/accounts/YOUR_API_KEY/secrets \
-H "Authorization: Basic "YOUR_API_KEY_AND_SECRET \
-H "Content-Type: application/json"

2. Send the API request. The API will return all secrets, along with their id and created_at time. The value of the secret will never be shown. Make a note of the ID that is relatively more aged (see the "created_at" value). If you only have 1 API secret configured, go to step 4.

3.Now we need to revoke the API secret that you just made a note of. Keeping the same headers, create a DELETE request and append the URL with the api secret ID you would like to revoke. 

curl -X DELETE https://api.nexmo.com/accounts/YOUR_API_KEY/secrets/YOUR_API_SECRET_ID
-H "Authorization: Basic "YOUR_API_KEY_AND_SECRET \

-H "Content-Type: application/json

  

3b. Send the request

4. We will now proceed to create a new API secret. Keeping the same headers, create a POST request as follows:

curl -X POST https://api.nexmo.com/accounts/YOUR_API_KEY/secrets \
-H "Authorization: Basic "YOUR_API_KEY_AND_SECRET \
-H "Content-Type: application/json" \
-d '{"secret": "YOUR_NEW_API_SECRET" }'

4c. New API secrets must meet the following rules:

  • Minimum 8 characters
  • Maximum 25 characters
  • Minimum 1 lower case character
  • Minimum 1 upper case character
  • Minimum 1 digit

5. Now we can validate the API secret has been created successfully. Login to the Nexmo Dashboard and navigate to settings. Ensure that the secret you created is detailed in either "API secret 1" or ""2 

5c. If necessary, revoke a given API secret by following steps 3 to 4

Remember to update your application/environment accordingly with the new API secret

 

 

Was this article helpful?
0 out of 0 found this helpful
Follow
Have more questions? Submit a request