PUT /api/apps/versions/{AppVersionID}/secret
Regenerates the shared secret value for the specified app version. Valid if the Shared Secret is stored on the platform. Not valid for apps that have a user-defined app identity referencing an external identity domain.
This operation doesn't return the regenerated shared secret. To get the new value, run the GET /api/apps/versions/{AppVersionID}/secret operation.
Note: If the app has a user-defined App Identity that includes a domain, the platform does not collect, regenerate, return, or display the Shared Secret value. Instead, the user manages the app's Shared Secret in the external identity domain, which must be a valid domain set up in the platform. The platform takes the Shared Secret value that the user provides and validates it with the external identity domain. In these scenarios, this operation cannot retrieve the app's shared secret.
Note: This operation uses the updatePassword method which is part of Policy Manager. The Akana API Platform generates the SharedSecret value and passes the value to the Policy Manager updatePassword method so that it can be stored in an encrypted form.
Workflow: This operation checks whether the resource is governed by a workflow, and if so whether the action is valid based on the current state of the resource. If the action is not valid, the operation will fail.
Authorization Roles/Permissions: Must be logged in. App team member, Business Admin
This topic includes the following sections:
HTTP Method
PUT
URL
https://{hostname}/api/apps/versions/{AppVersionID}/secret&[Comments={url_encoded_comment}]
Sample Request
In the example below, a new shared secret value is requested.
Sample request URL
https://{hostname}/api/apps/versions/zloo4xWpHLoXdHI8IBI9VFuni0yFjknk0xkkHQNC.acmepaymentscorp/secret?Comments=Regenerating%20shared%20secret%20due%20to%20a%20security%20breach.
Sample request headers
PUT /api/apps/versions/72K8Z0qGl9h6GX3QgLh2nzuK.acmepaymentscorp/secret HTTP/1.1
Host: {hostname}
Accept: text/plain
Content-Type: application/x-www-form-urlencoded
X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...
Sample request body
Comments=updating.
Request Headers
For general information on request header values, refer to HTTP Request Headers.
| Header | Description |
|---|---|
| Accept | Any Accept header value that supports a response Content-Type of text/plain is valid; for example, */*. |
| Content-Type | application/x-www-form-urlencoded |
| Cookie | AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies. |
| X-Csrf-Token_{fedmemberID} | The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login. |
Request Parameters
| Parameter | Parm Type | Data Type | Required | Description |
|---|---|---|---|---|
| AppVersionID | Path | string | Required | The unique ID for a specific app version. |
| Comments | Form | string | Required | Comments entered by the user performing the action. Comments must be URL-encoded. |
| SharedSecret | Form | string | Optional | The new shared secret value. Used in scenarios where the shared secret is user-defined. If this parameter is present, the platform uses the value supplied. If it isn't present, the platform regenerates the new shared secret value. |
Response
If successful, this operation returns HTTP status code 200, with the AppVersionID of the app.
Sample Response
The sample response below shows a successful result.
Sample response headers
HTTP/1.1 200 OK Content-Type: text/plain Date: Thu, 28 Jun 2018 04:02:01 GMT
Sample response body
zloo4xWpHLoXdHI8IBI9VFuni0yFjknk0xkkHQNC.acmepaymentscorp
Response Headers
For general information on response header values, refer to HTTP Response Headers.
| Header | Description |
|---|---|
| Content-Type | text/plain |
Response Body
| Name | Type | Description |
|---|---|---|
| AppVersionID | string | The unique ID for a specific app version. |
Error Codes/Messages
If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.
| Item | Value |
|---|---|
| 401 | Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing. |
| 415 | Unsupported Media Type; returned if the request is using a media type not supported by the method. For this operation, you must use a Content-Type of multipart/form-data, and you must provide comment text in the request body, as shown in the example. |
| 500 | An error occurred processing the call. |
More information about Akana API Platform API error messages.
