How do I change my API secret? How do I change my API secret?

How do I change my API secret?

Nexmo Support

Objective

Changing you API secret using Postman or cURL.

Applies To

  • API Secret
  • Postman
  • cURL

Procedure

You can change your API secret using the Vonage Secret Management API. This article demonstrates how to change your API secret using Postman software or the command line tool, cURL.

Each Vonage API account can have up to two API secrets at any time. This allows you to create a second API secret, test your application, and deploy the new configuration to production without interrupting your customer's service. Once that's done, you can revoke the existing API secret until you need to rotate your credentials again.

Postman

Note that the Vonage Secret Management API requires authentication to be done using an API key and secret sent Base64-encoded in the Authorization header. For example, if your API key is 'abcd123' and secret '12345qwerty' you would concatenate the key and secret with a : (colon) symbol and then encode them using Base64 encoding. There are many ways to generate Base64 strings. Here is a website to help you encode your API key and secret.

  1. Open a new tab in your current or new Postman collection and enter the following GET request URL: https://api.nexmo.com/accounts/YOUR_API_KEY/secrets/
  2. Add the following headers:
    • (Key) Authorization (Value) Basic YOUR_API_KEY_AND_SECRET
    • (Key) Content-Type (Value) application/json
  3. Your Postman collection should now look something like this:
    Screen_Shot_2018-10-05_at_15.01.58.png
  4. Send the API request. The API will return all secrets, along with secret_id and created_at time. The value of the secret will never be shown. Make a note of the ID that is relatively more aged (see the "created_at" value) Note: If you only have one API secret configured, go directly to step 9.
  5. Now we need to revoke the API secret that you just made a note of. Keeping the same headers, create a new request (tab), change your HTTP request to DELETE and append the URL with the secret ID.
  6. Your postman collection should now look something like this:
    Screen_Shot_2018-10-05_at_15.01.22.png
  7. Send the API request.
  8. We will now proceed to create a new API secret. Keeping the same headers, create a new request (tab), change your HTTP request to POST with URL https://api.nexmo.com/accounts/YOUR_API_KEY/secrets/
  9. Go to the Body tab and select raw with JSON (application/json) as your encoding type
  10. Type your new API secret in JSON format, for example: { "secret": "YOUR_NEW_SECRET" }
  11. New API secrets must meet the following rules:
    • Minimum 8 characters
    • Maximum 25 characters
    • Minimum 1 lower case character
    • Minimum 1 upper case character
    • Minimum 1 digit
  12. Your postman collection should now look something like this:
    Screen_Shot_2018-10-05_at_13.51.02.png
  13. Send the API request. The API response will contain a new secret ID.
  14. Now you can validate the API secret has been created successfully. Log in to the Vonage API account dashboard and navigate to Settings. Ensure that the secret you created is detailed in either API Secret 1 or API Secret 2.
  15. If necessary, revoke a given API secret by following step 5.
  16. Remember to update your application or environment accordingly with the new API secret.

cURL

Note that the Vonage Secret Management API requires authentication to be done using an API key and secret sent Base64-encoded in the Authorization header. For example, if your API key is 'abcd123' and secret '12345qwerty' you would concatenate the key and secret with a : (colon) symbol and then encode them using Base64 encoding. There are many ways to generate Base64 strings, here is a website to help you encode your api key and secret.

  1. Create a GET request as follows.
    curl -X GET https://api.nexmo.com/accounts/YOUR_API_KEY/secrets \
    -H "Authorization: Basic "YOUR_API_KEY_AND_SECRET \
    -H "Content-Type: application/json"
  2. Send the API request. The API will return all secrets, along with their id and created_at time. The value of the secret will never be shown. Make a note of the ID that is relatively more aged (see the "created_at" value). If you only have 1 API secret configured, go to step 6.
  3. Now we need to revoke the API secret that you just made a note of. Keeping the same headers, create a DELETE request and append the URL with the api secret ID you would like to revoke.
    curl -X DELETE
        https://api.nexmo.com/accounts/YOUR_API_KEY/secrets/YOUR_API_SECRET_ID
    -H "Authorization: Basic "YOUR_API_KEY_AND_SECRET \
    -H "Content-Type: application/json
  4. Send the request.
  5. We will now proceed to create a new API secret. Keeping the same headers, create a POST request as follows:
    curl -X POST https://api.nexmo.com/accounts/YOUR_API_KEY/secrets \
    -H "Authorization: Basic "YOUR_API_KEY_AND_SECRET \
    -H "Content-Type: application/json" \
    -d '{"secret": "YOUR_NEW_API_SECRET" }'
  6. New API secrets must meet the following rules:
    • Minimum 8 characters
    • Maximum 25 characters
    • Minimum 1 lower case character
    • Minimum 1 upper case character
    • Minimum 1 digit
  7. Now we can validate the API secret has been created successfully. Login to the Vonage API account dashboard and navigate to Settings. Ensure that the secret you created is detailed in either API Secret 1 or API Secret 2.
  8. If necessary, revoke a given API secret by following steps 3 to 4.
  9. Remember to update your application or environment accordingly with the new API secret.

Additional Information

We also allow customers to create and remove API secrets in the Vonage API account dashboard on the Settings page. To create a new API secret, click Add New Secret and key in the new secret with the allowed format. To delete an API secret, click the trash icon on the right side of the item.