Skip to main content

Manage credentials

IMPORTANT
The shared credentials option described in this topic is deprecated as of December 1, 2020 and is no longer be available for new product integrations. Integrations that were created with shared credentials prior to that date continue to work. For enhanced security, AppDirect recommends that you use the separate credentials type for applications, and that you migrate existing products that use shared credentials to separate credentials. For more information about deprecation, see Product lifecycle phases.

As part of the product creation process, Developers must set up credentials. Developers can manage the API credentials that they use for product integrations on the Credentials page.

The client key and secret secure event notifications that are sent to configured endpoints. They are also required to secure incoming API requests for product integration—for example, to retrieve details of an event.

Credentials are created using the separate credentials authorization type. Separate credentials use the OAuth 2.0 protocol or basic authentication, with distinct keys and secrets for inbound and outbound API calls.

As of December 1, 2020, you can no longer use shared credentials. Shared credentials use the client (consumer) key and secret to verify signed event notifications that are sent to configured endpoints, and to sign incoming API requests for product integration (for example, to retrieve details of an event). Credentials that you created with the shared credentials type continue to work. However, for enhanced security, we recommend that you migrate existing products that use shared credentials to the separate credentials type. If you do this, you cannot revert back to shared credentials after you save your changes. The procedures described below include information on how to update credentials that you previously created.

To obtain credentials, use one of the following procedures. The steps that you follow the first time you generate credentials are slightly different than the steps to regenerate credentials.

To set up credentials for a product for the first time
  1. Go to Manage > Billing and Distribution > Products > productName | Edit > Integration | Credentials. The Credentials page opens.
  2. Use one of the following procedures to create credentials, depending on whether you want to create separate or shared credentials.

Create separate credentials

  1. From the drop-down list, select Separate Credentials. The fields required to create separate credentials open.

  2. In the Inbound credentials (OAuth 2.0) pane, click Generate ID and Secret. The New OAuth 2.0 client dialog opens.

  3. Copy your client ID and client secret to a secure location so that you can retrieve it later. After you click Done, you cannot retrieve the secret (if needed, you can regenerate credentials).

  4. Click Done. The dialog closes.

  5. In the Outbound credentials pane, select an authentication type for outbound notifications, then add the required information.

    OAuth2 (client credentials)

    1. Token endpoint—Endpoint used to request an OAuth 2.0 access token
    2. Client ID—Client identifier used to request an OAuth 2.0 access token from the configured token endpoint
    3. Client secret—Client secret used to request an OAuth 2.0 access token from the configured token endpoint
    4. Scopes—(Optional) A space-separated list of scope values associated with the requested OAuth 2.0 access token.

    Basic Authentication

    1. Username—The username to use for basic authentication
    2. Password—The password to use for basic authentication
      For more information, see Validate outbound event notifications.

    📝 Note
    If you configure outbound notifications to use basic authentication, inbound authentications always use Oauth 2.0 authentication.

  6. Click Save.

To migrate from shared to separate credentials
  1. Go to Manage > Billing and Distribution > Products > productName | Edit > Integration | Credentials. The Credentials page opens.
  2. Under Authorization type, click Switch to Separate Credentials.
    Caution: If you switch to separate credentials, you cannot revert to shared credentials after you save your changes.
  3. Complete the steps described in the To generate a consumer key and secret for a product for the first time section. The authorization type is updated.
  4. Click Publish. A publication review request notification is sent to the Marketplace Manager.

Was this page helpful?

Tell us more…

Help us improve our content. Responses are anonymous.

Thanks

We appreciate your feedback!