Objective
Changing you API secret using Postman or cURL.
Applies To
- API Secret
- Postman
- cURL
Procedure
You can change your API secret using the Vonage Secret Management API. This article demonstrates how to change your API secret using Postman software or the command line tool, cURL.
Each Vonage API account can have up to two API secrets at any time. This allows you to create a second API secret, test your application, and deploy the new configuration to production without interrupting your customer's service. Once that's done, you can revoke the existing API secret until you need to rotate your credentials again.
Postman
Note that the Vonage Secret Management API requires authentication to be done using an API key and secret sent Base64-encoded in the Authorization header. For example, if your API key is 'abcd123' and secret '12345qwerty' you would concatenate the key and secret with a :
(colon) symbol and then encode them using Base64 encoding. There are many ways to generate Base64 strings. Here is a website to help you encode your API key and secret.
- Open a new tab in your current or new Postman collection and enter the following GET request URL: https://api.nexmo.com/accounts/YOUR_API_KEY/secrets/
- Add the following headers:
- (Key) Authorization (Value) Basic YOUR_API_KEY_AND_SECRET
- (Key) Content-Type (Value) application/json
- Your Postman collection should now look something like this:
- Send the API request. The API will return all secrets, along with secret_id and created_at time. The value of the secret will never be shown. Make a note of the ID that is relatively more aged (see the "created_at" value) Note: If you only have one API secret configured, go directly to step 9.
- Now we need to revoke the API secret that you just made a note of. Keeping the same headers, create a new request (tab), change your HTTP request to DELETE and append the URL with the secret ID.
- Your postman collection should now look something like this:
- Send the API request.
- We will now proceed to create a new API secret. Keeping the same headers, create a new request (tab), change your HTTP request to POST with URL https://api.nexmo.com/accounts/YOUR_API_KEY/secrets/
- Go to the Body tab and select raw with JSON (application/json) as your encoding type
- Type your new API secret in JSON format, for example: { "secret": "YOUR_NEW_SECRET" }
- New API secrets must meet the following rules:
- Minimum 8 characters
- Maximum 25 characters
- Minimum 1 lower case character
- Minimum 1 upper case character
- Minimum 1 digit
- Your postman collection should now look something like this:
- Send the API request. The API response will contain a new secret ID.
- Now you can validate the API secret has been created successfully. Log in to the Vonage API account dashboard and navigate to Settings. Ensure that the secret you created is detailed in either API Secret 1 or API Secret 2.
- If necessary, revoke a given API secret by following step 5.
- Remember to update your application or environment accordingly with the new API secret.
cURL
Note that the Vonage Secret Management API requires authentication to be done using an API key and secret sent Base64-encoded in the Authorization header. For example, if your API key is 'abcd123' and secret '12345qwerty' you would concatenate the key and secret with a :
(colon) symbol and then encode them using Base64 encoding. There are many ways to generate Base64 strings, here is a website to help you encode your api key and secret.
- Create a GET request as follows.
curl -X GET https://api.nexmo.com/accounts/YOUR_API_KEY/secrets \
-H "Authorization: Basic "YOUR_API_KEY_AND_SECRET \
-H "Content-Type: application/json" - Send the API request. The API will return all secrets, along with their id and created_at time. The value of the secret will never be shown. Make a note of the ID that is relatively more aged (see the "created_at" value). If you only have 1 API secret configured, go to step 6.
- Now we need to revoke the API secret that you just made a note of. Keeping the same headers, create a DELETE request and append the URL with the api secret ID you would like to revoke.
curl -X DELETE https://api.nexmo.com/accounts/YOUR_API_KEY/secrets/YOUR_API_SECRET_ID
-H "Authorization: Basic "YOUR_API_KEY_AND_SECRET \
-H "Content-Type: application/json - Send the request.
- We will now proceed to create a new API secret. Keeping the same headers, create a POST request as follows:
curl -X POST https://api.nexmo.com/accounts/YOUR_API_KEY/secrets \
-H "Authorization: Basic "YOUR_API_KEY_AND_SECRET \
-H "Content-Type: application/json" \
-d '{"secret": "YOUR_NEW_API_SECRET" }' - New API secrets must meet the following rules:
- Minimum 8 characters
- Maximum 25 characters
- Minimum 1 lower case character
- Minimum 1 upper case character
- Minimum 1 digit
- Now we can validate the API secret has been created successfully. Login to the Vonage API account dashboard and navigate to Settings. Ensure that the secret you created is detailed in either API Secret 1 or API Secret 2.
- If necessary, revoke a given API secret by following steps 3 to 4.
- Remember to update your application or environment accordingly with the new API secret.
Additional Information
We also allow customers to create and remove API secrets in the Vonage API account dashboard on the Settings page. To create a new API secret, click Add New Secret and key in the new secret with the allowed format. To delete an API secret, click the trash icon on the right side of the item.
Articles in this section
- How do I update my profile name?
- What should I do if I didn't receive the team member invitation email?
- Dashboard domain for China customers
- How to troubleshoot network issues when sending API requests
- How do I update my Account Company Information and Address?
- Best practices for webhook/callback URL
- How to change your email address on the unified account?
- Can Secondary API key users see numbers shared in the Customer Dashboard view?
- What is the difference between Vonage Video API and Meetings API?
- How do I update the phone number in my Vonage API account dashboard?