IBM Security Verify


Improve ability to rotate API and Application Client Secrets

We would like to raise a request to have a simpler and smoother experience with the API and Application Client Secret rotations. The use case we have in mind is that if an Application or API Client owning team has a set of credentials, and they would like to rotate the Client Secret (e.g., due to a team member leaving the team, perhaps), they would be able to have a smooth time transitioning over from the old Client Secret to the new one. Please keep in mind in this use case that it would be ideal for the Application team to then be able to migrate over to the new Client Secret on their own schedule (i.e., there needs to be a period of time before the new Secret could be implemented in Production).

  • Guest
  • Jul 30 2020
  • Planned for future release
  • Guest commented
    4 Feb 03:06pm

    We did use the API call to do the API client secret rotation on a trial Tenant, and potentially managed to identify the unique fingerprint in the logs using the /v1.0/events report. We filtered the action by setting the filters as:

    performedby_type=api
    resource=api_client
    event_type=management
    servicename=apisecurity
    api_grant_type=client_credentials
    action=modified

    For security controls, this should allow us to detect if API client secret rotation has already happened.
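
The detection described in the comment above, as an added example that is not part of the original comment or IBM's code: it applies the quoted filter values to already-fetched event records and reports which API clients have no matching event inside a rotation window. The flat record layout, the `client_id` and `time` field names, the 90-day window and the sample events are assumptions constructed for illustration.

```python
# Filter values quoted in the comment above. The page does not establish that
# they match only secret rotations, so a match is treated as a candidate.
ROTATION_FILTER = {
    "performedby_type": "api",
    "resource": "api_client",
    "event_type": "management",
    "servicename": "apisecurity",
    "api_grant_type": "client_credentials",
    "action": "modified",
}
DAY_MS = 86_400_000
NOW_MS = 1_700_000_000_000  # constructed "current time" in epoch milliseconds


def is_rotation_candidate(event):
    """True when every filter field from the comment matches the event."""
    return all(event.get(k) == v for k, v in ROTATION_FILTER.items())


def last_rotation(events):
    """Map client id -> time of its newest matching event."""
    latest = {}
    for ev in events:
        cid = ev.get("client_id")  # assumed field name
        if cid is not None and is_rotation_candidate(ev):
            latest[cid] = max(latest.get(cid, 0), ev["time"])  # assumed field
    return latest


def stale_clients(inventory, events, now_ms, max_age_days=90):
    """Inventory clients with no matching event inside the window."""
    cutoff = now_ms - max_age_days * DAY_MS
    seen = last_rotation(events)
    return sorted(c for c in inventory if seen.get(c, 0) < cutoff)


def sample_event(client_id, days_ago, **overrides):
    """Build one constructed event record; overrides break the match."""
    base = {"client_id": client_id, "time": NOW_MS - days_ago * DAY_MS}
    return {**ROTATION_FILTER, **base, **overrides}


SAMPLE_EVENTS = [  # constructed, not real tenant data
    sample_event("client-a", 10),                           # recent match
    sample_event("client-b", 200),                          # match, too old
    sample_event("client-b", 5, action="created"),          # wrong action
    sample_event("client-c", 1, performedby_type="user"),   # wrong actor type
]
INVENTORY = ["client-a", "client-b", "client-c", "client-d"]

if __name__ == "__main__":
    print(stale_clients(INVENTORY, SAMPLE_EVENTS, NOW_MS))
```
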


  • Guest commented
    5 Aug, 2020 02:59am

    Thank you for your idea. We agree with the use case presented here and have accepted the idea for later development prioritization.
