Client secrets are used to authenticate Connect Applications when making requests to WorkOS APIs.
When a client secret is first created, the response includes an additional secret field containing the plaintext secret. This is the only time the plaintext secret will be returned.
{ "object": "connect_application_secret", "id": "secret_01J9Q2Z3X4Y5W6V7U8T9S0R1Q", "secret": "abc123def456ghi789jkl012mno345pqr678stu901vwx234yz", "secret_hint": "abc123", "last_used_at": "2024-01-15T14:30:00.000Z", "created_at": "2024-01-15T12:30:00.000Z", "updated_at": "2024-01-15T14:30:00.000Z" }
connect_application_secretList all client secrets associated with a Connect Application.
The plaintext secret is never returned after creation. Only the secret hint is included.
curl https://api.workos.com/connect/applications/app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q/client_secrets \ --header "Authorization: Bearer sk_example_123456789"
GET/connectParameters Returns Create a new client secret for a Connect Application.
This is the only time the plaintext secret will be returned and must be stored securely.
curl -X POST https://api.workos.com/connect/applications/app_01J9Q2Z3X4Y5W6V7U8T9S0R1Q/client_secrets \ --header "Authorization: Bearer sk_example_123456789" \ --header "Content-Type: application/json" \ --data '{}'
POST/connectParameters Returns Delete (revoke) an existing client secret.
curl -X DELETE https://api.workos.com/connect/client_secrets/secret_01J9Q2Z3X4Y5W6V7U8T9S0R1Q \ --header "Authorization: Bearer sk_example_123456789"
DELETE/connectParameters