PUT /api/apps/versions/{AppVersionID}/secret

Regenerates the shared secret value for the specified app version. Valid if the Shared Secret is stored on the platform. Not valid for apps that have a user-defined app identity referencing an external identity domain.

This operation doesn't return the regenerated shared secret. To get the new value, run the GET /api/apps/versions/{AppVersionID}/secret operation.

Note: If the app has a user-defined App Identity that includes a domain, the platform does not collect, regenerate, return, or display the Shared Secret value. Instead, the user manages the app's Shared Secret in the external identity domain, which must be a valid domain set up in the platform. The platform takes the Shared Secret value that the user provides and validates it with the external identity domain. In these scenarios, this operation cannot retrieve the app's shared secret.

Note: This operation uses the updatePassword method which is part of Policy Manager. The Akana API Platform generates the SharedSecret value and passes the value to the Policy Manager updatePassword method so that it can be stored in an encrypted form.

Workflow: This operation checks whether the resource is governed by a workflow, and if so whether the action is valid based on the current state of the resource. If the action is not valid, the operation will fail.

Authorization Roles/Permissions: Must be logged in. App team member, Business Admin

This topic includes the following sections:

HTTP Method


Back to top



Back to top

Sample Request

In the example below, a new shared secret value is requested.

Sample request URL


Sample request headers

PUT /api/apps/versions/72K8Z0qGl9h6GX3QgLh2nzuK.acmepaymentscorp/secret HTTP/1.1
Host: {hostname}
Accept: text/plain
Content-Type: application/x-www-form-urlencoded

Sample request body


Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept Any Accept header value that supports a response Content-Type of text/plain is valid; for example, */*.
Content-Type application/x-www-form-urlencoded
X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Back to top

Request Parameters

Parameter Parm Type Data Type Required Description
AppVersionID Path string Required The unique ID for a specific app version.
Comments Form string Required Comments entered by the user performing the action. Comments must be URL-encoded.
SharedSecret Form string Optional The new shared secret value. Used in scenarios where the shared secret is user-defined. If this parameter is present, the platform uses the value supplied. If it isn't present, the platform regenerates the new shared secret value.

Back to top


If successful, this operation returns HTTP status code 200, with the AppVersionID of the app.

Back to top

Sample Response

The sample response below shows a successful result.

Sample response headers

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Thu, 28 Jun 2018 04:02:01 GMT

Sample response body


Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type text/plain

Back to top

Response Body

Name Type Description
AppVersionID string The unique ID for a specific app version.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
415 Unsupported Media Type; returned if the request is using a media type not supported by the method. For this operation, you must use a Content-Type of multipart/form-data, and you must provide comment text in the request body, as shown in the example.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.

Back to top

Related Topics