Rotate OAuth app client secret
POST/apps/:appId/rotate
Generates a new client secret for an OAuth application, immediately invalidating the old secret. The new secret is only returned once and should be stored securely. Use this endpoint when a secret has been compromised or as part of regular security rotation. Only the app owner can rotate their app secrets.
Request
Responses
- 200
- 400
- 401
- 404
- 500
OAuth app with new clientSecret (only shown once)
Invalid app ID format
Unauthorized - admin role and credentials.manage scope required
App not found or access denied
Internal server error