You are receiving unexpected subscriptions created daily at 3 AM, likely due to an automated process (such as a cron job) from an unknown source, possibly implemented by a previous developer. You want to reset the client secret without disrupting the production app. Additionally, you would like to identify the origin of the unauthorized subscriptions.
Solution: Currently, there is no way to reset an application’s client secret directly. To resolve this issue without disrupting your production app, follow these steps:
- Clone Your Existing Application:
  - Cloning the application will generate a new client ID and client secret.
  - This ensures that you have a fresh set of credentials to use for your legitimate production instance.
- Update Your Production App with the New Credentials:
  - Replace the old client ID and client secret with the newly generated ones in your application.
  - Verify that your application continues to function properly with the new credentials.
- Suspend the Old Application:
  - Once you have confirmed the new credentials are working correctly, suspend the old application.
  - This will prevent any unauthorized API calls using the previous client ID and secret.
- Monitor for Unauthorized Activity:
  - Any unauthorized app still using the old credentials will start receiving rejections from the API.
  - Monitor logs for attempted API calls using the old credentials to help identify the origin of the unexpected subscriptions.

Identifying the Origin of Unexpected Subscriptions: While there is no direct way to trace the source of these subscriptions, you can take the following actions:
- Check server logs for API call timestamps and source IP addresses.
- Review code repositories for old credentials or cron jobs that might be running the subscription process.
- Work with your IT team to identify any unauthorized scripts or third-party integrations using the old credentials.
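
One way to carry out the repository and cron review above, as an added example that is not part of the original article or any platform tooling: it walks a directory tree, reports every line containing the old client ID, and flags crontab entries whose hour field fires at 3 AM (including forms such as `*`, `1-5` or `*/3`). `OLD_CLIENT_ID_PLACEHOLDER`, the file names and the paths in `demo()` are constructed assumptions.

```python
import os
import re
import tempfile

OLD_CLIENT_ID = "OLD_CLIENT_ID_PLACEHOLDER"  # placeholder: the old app's client ID
# Fields: minute, hour (captured), day-of-month, month, day-of-week, command
CRON_LINE = re.compile(r"^\s*[\d*,/-]+\s+([\d*,/-]+)(?:\s+[\w*,/-]+){3}\s+\S")

def hour_matches(field, hour=3):
    """True if a crontab hour field ('3', '*', '1-5', '*/3', '2,3') fires at `hour`."""
    try:
        for part in field.split(","):
            rng, _, step = part.partition("/")
            # "3" is treated as the range 3..3, "1-5" as 1..5, "*" as 0..23
            lo, hi = (0, 23) if rng == "*" else map(int, (rng.split("-") * 2)[:2])
            if lo <= hour <= hi and (hour - lo) % int(step or 1) == 0:
                return True
    except (ValueError, ZeroDivisionError):  # not a valid cron field
        pass
    return False

def scan(root, needle=OLD_CLIENT_ID, hour=3):
    """Return (lines containing needle, cron entries firing at `hour`) under root."""
    cred_hits, cron_hits = [], []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            try:
                with open(os.path.join(root, rel), encoding="utf-8", errors="ignore") as fh:
                    lines = fh.read().splitlines()
            except OSError:  # unreadable file: skip it
                continue
            for no, line in enumerate(lines, 1):
                if needle in line:
                    cred_hits.append((rel, no))
                m = CRON_LINE.match(line)
                if m and hour_matches(m.group(1), hour):
                    cron_hits.append((rel, no, line.strip()))
    return cred_hits, cron_hits

def demo():
    """Scan a constructed tree: one leaked ID, one 3 AM job, one 4 AM job."""
    files = {"config.php": "$clientId = 'OLD_CLIENT_ID_PLACEHOLDER';\n",
             "crontab.txt": "# nightly\n0 3 * * * php /srv/app/subscribe.php\n"
                            "30 4 * * * /usr/bin/backup\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)
```

Run `scan()` against a checkout of each repository and a copy of each server's crontab files, with `OLD_CLIENT_ID` set to the old application's client ID.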