How to give M2M credentials without knowing the client secret?

We need to give our customers Machine Account so their API can talk to our API. My understanding is that we should create an Application for them so they have a client_id and client_secret and can do a Client Credentials Flow. Problem is we can access their secret… can they change it and make it so that we cannot know their secret ?

Hi @nayef

Only someone with dashboard access or mgmt API access can change the client secret.
You should be able to access their secret - it belongs to you.

Be aware that you have a quota of M2M tokens. You may want to implement a caching proxy to ensure that your 3rd part customers don’t run through your quota.

John

2 Likes

Thanks for helping on this one John!