Recipe

Rotate partner API credentials with zero downtime

Rotate a partner secret with no outage: create a second credential with the same scopes, cut traffic to it, verify, then revoke the old one. Never edit a live credential in place.

2 min read

Two clientsOverlap window
Same scopesOn the new one
Revoke lastAfter cut-over

Overlap, then cut over

The safe pattern is overlap. Mint a second OAuth client with the same scopes as the current one, deploy it to your token cache, and let both work for a short window. Because tokens are minted from the credential, your running tokens keep working during the swap.

Verify on the new credential

Confirm a real call succeeds on a token minted from the new client before you touch the old one — mint, call a read endpoint, check for a 200. Only then move all traffic across. Keep the token cache keyed by client so the two never collide (see caching tokens).

Revoke the old credential

Once every worker is minting from the new client and you have verified there is no residual traffic on the old one, revoke the old secret. If you rotate because of a suspected leak, revoke immediately and accept the brief disruption — a compromised secret is a live risk, and scopes bound its blast radius but do not remove it.

Frequently asked questions

Can I just change the secret on the existing client?

You can, but it risks an outage — any worker still holding the old secret fails at the next mint. Overlapping two clients lets you cut over and verify with zero downtime, then revoke.

What if the secret has leaked?

Revoke immediately rather than waiting for a clean overlap — a leaked secret is a live risk. Least-privilege scoping limits the damage, but the only fix is revocation. Then stand up a fresh credential.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.