question

Julio Toledo avatar image
Julio Toledo asked Julio Toledo commented

Expiring a Production App Secret?

Is it possible to expire and generate a new app secret for a REST API app that is already in production, or is this one of those "immutable" properties?
General Topic
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

benjamin-dean avatar image
benjamin-dean answered
App Secrets cannot be regenerated. You can create a new application if needed.

Regardless, if you are concerned that your App Key and/or App Secret have been attacked or lost, you should immediately suspend that application in the developer portal and then create a new application.
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Julio Toledo avatar image
Julio Toledo answered
Thanks Benjamin.

Don't suspect that, however I wanted to know if at least the App Secret portion could be easily refreshed to help safeguard an application. Other APIs provide that functionality that's why I asked.

Our application is under regular use by customers so it is not something that we could easily suspend and re-create...

That brings me to another important question regarding app versioning. Do we have to go thru app approval process all over again even if it's a minor change such as the redirect uri property?

1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

anton-nikitin avatar image
anton-nikitin answered Julio Toledo commented
I think we can create new app key and secret upon request and delete old one. But we cannot update a secret for the same key.

Regarding your second question. Yes, we can apply minor changes to your app upon your  request without re-graduation. You can contact developers support for it privately.
3 comments
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Hi Anton, 

So we an avoid re-graduation, I'd like to request that Developer Support add the following OAuth Redirects to our production app  (right our app has no redirects):

App Name
RC2FM Connector

redirects

https://service.rc2fm.com/auth_response.php

https://staging.rc2fm.com/auth_response.php

Thanks

PS. Is there a way to constrain redirects to Sandbox or Production use only?
0 Likes 0 ·
I have made these changes - should be enabled in Production within 10 minutes. Regading your question: no, redirect URIs now work for all keys.
0 Likes 0 ·
Thanks Anton
0 Likes 0 ·
Julio Toledo avatar image
Julio Toledo answered
Thanks Anton. I appreciate the facts that your apps are carefully curated, it helps protect everyone involved and insures a better outcome.

Having said that, I think some minor things could be submitted by the developer and then reviewed and approved by you without re-graduation.

I will post a request for redirect uri's soon.
1 |1500 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Developer sandbox tools

Using the RingCentral Phone for Desktop, you can dial or receive test calls, send and receive test SMS or Fax messages in your sandbox environment.

Download RingCentral Phone for Desktop:

Tip: switch to the "sandbox mode" before logging in the app:

  • On MacOS: press "fn + command + f2" keys
  • On Windows: press "Ctrl + F2" keys