We need to give our customers Machine Account so their API can talk to our API. My understanding is that we should create an Application for them so they have a client_id and client_secret and can do a Client Credentials Flow. Problem is we can access their secret… can they change it and make it so that we cannot know their secret ?
Hi @nayef
Only someone with dashboard access or mgmt API access can change the client secret.
You should be able to access their secret - it belongs to you.
Be aware that you have a quota of M2M tokens. You may want to implement a caching proxy to ensure that your 3rd part customers don’t run through your quota.
John
2 Likes
Thanks for helping on this one John!