Skip to content

Regenerate a confidential client's secret.

POST
/api/admin/clients/{id}/regenerate-secret
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/api/admin/clients/example/regenerate-secret \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '{ "revoke_existing_tokens": true, "grace_period_hours": 24 }'

Regenerate secret for Client in the Clients area. The request body is JSON unless the detailed schema for this operation states otherwise.

id
required
string
X-Tenant-Id
string

Tenant selector for multi-tenant admin requests.

Idempotency-Key
string

Idempotency key for state-changing operations that support replay protection.

Media type application/json
object
revoke_existing_tokens
boolean
grace_period_hours
number
>= 1 <= 168
key
additional properties
Example
{
"revoke_existing_tokens": true,
"grace_period_hours": 24
}

Regenerated client secret response. The secret is returned only in this response.

Media type application/json
object
client_id
required
string
client_secret
required

Newly generated secret. It is returned once and must be stored by the caller.

string
created_at
required
string format: date-time
revoked_tokens
required
integer
key
additional properties
Example
{
"client_id": "web-app",
"client_secret": "6b1d3b0f6c7e4e2a9a1b4c3d5e6f7081",
"created_at": "2026-06-19T00:00:00.000Z",
"revoked_tokens": 3
}

Error response.

Media type application/json
object
error
string
message
string
error_description
string
key
additional properties
Example generated
{
"error": "example",
"message": "example",
"error_description": "example"
}