Warning: this page is not public yet.

Introduction

The World Marrow Donor Association (WMDA) uses app registrations that allow machines to communicate securely with WMDA's services. Instead of using a username and password, these connections use a Client ID and a Client Secret:

  • The Client ID is a constant identifier for the app.
  • The Client Secret is like a temporary password for the app used for machine-machine authentication. It expires after a certain period. Once expired, the connection stops working until a new secret is provided.

This method ensures secure access without exposing personal credentials and makes managing machine-to-service communication easier.

Managing your client secrets

To be able to manage client secrets of your organisation, a user must:

The WMDA IT team creates applications for your organisation and provides the client IDs needed to connect to WMDA APIs. Each application has a client_id (permanent) and requires client secrets to authenticate.


Info

To authenticate with WMDA APIs, a bearer token must be requested from the WMDA Azure Active Directory (Azure AD). For details on how client_id and client_secret are used to retrieve bearer tokens, see API authentication.


Client_id

  • Is created by the WMDA and shared with your organisation.
  • Identifies your application.
  • Is permanent and does not change.

Client_secret

  • A confidential credential linked to a client_id.
  • Acts like a temporary password for machine-to-machine authentication.
  • Required for connecting to WMDA APIs.
  • Expires after a set period. A new secret must be generated and used.


Warning

Client_id stays the same permanently. It does not expire and does not need to be replaced.

Client_secrets expire after a set period.

When the client_secret expires, API connections will stop working until a new secret is created and updated in your systems.

To avoid interruptions, always rotate the secret before it expires.


Applications in the Self Service Client Secret Management Portal:

The Self Service Client Secret Management Portal lists the applications created by the WMDA IT team for your organisation. Each application represents access to one or more APIs.

Examples of applications you may see in the Self Service Client Secret Management Portal:

  • Partner-NL-OrganisationName-DM
  • Partner-NL-OrganisationName-SMC
  • PartnerAlternative-NL-OrganisationName-SMC (Match-Connect sandbox only)


The application naming convention follows this pattern:

Partner-(Country Code)-(Organisation Name)-(API)

Where:

  • Country Code: 2-letter ISO code for your country (e.g., NL).
  • Organisation Name: your organisation name.
  • API: The WMDA APIs the application can access, i.e. DM (Data Manager), SMC (Search, Match & Connect).


Info

PartnerAlternative is a "dummy" organisation for implementers to test their Match-Connect API integration internally. It works only in the Match-Connect sandbox and is provided upon request.


Each application has its own client_id and client secrets. Visibility depends on your user role and the permissions granted to your organisation.


Access to the Portal

You can manage client secrets using the Self Service Client Secret Management Portal, where you can view, create, and delete client secrets.

To access the portal:

  1. You must have the appropriate role ("credential_management"), provided by the WMDA team.
  2. Log in to the portal at https://portal.wmda.info/ using MFA (MFA user guide).
  3. Visit the page manage-clients.


Info

Only users with the appropriate role ("credential_management") can manage client secrets. If you need access to manage your organisation's client secrets for Data Manager (DM) and/or Search-Match-Connect (SMC), please contact WMDA at support@wmda.info.

With this role you can:

  • View the applications you own and their existing secrets.
  • Create new client secrets when needed.
  • Delete secrets that are no longer in use.

Info

Your organisation should designate one or more technical contacts who are responsible for managing client secrets.

Only designated users can be granted access.

Before contacting WMDA support, confirm internally who is responsible within your team.

If access is required, contact WMDA: support@wmda.info


Managing your client secrets

Once you have access, you can use the Self Service Client Secret Management Portal to:

  • View the applications and their client_ids provided by the WMDA.
  • Create new client secrets for these applications.
  • See the expiration date for each client secret.
  • Delete client secrets.


To create a new secret:

1. Click on the "Create new secret" button; a pop-up will appear.

2. Provide a client secret name and an expiration date (1 year maximum) for this secret.

3. Click on "Create".

4. The client secret will appear.


Warning

When you create a new secret, copy and store it securely. After you refresh or return to this page, the full secret will no longer be visible; only the first three characters (hint) will remain. If you don't copy the newly created secret, you lose it and will need to generate a new one.

...


Once a new client secret is used, the old one should be removed to prevent unnecessary expiration reminders and confusion.

To delete a secret:

1. Click on the delete icon next to the secret you would like to delete and confirm your action.

Email Notifications About Expiring Client Secrets

The designated contact(s) for your organisation will automatically receive email notifications from WMDA when a client secret is approaching expiration.

Notifications are sent at the following intervals:

  • 6 weeks before client secret expiration.
  • 3 weeks before client secret expiration.
  • 1 week before client secret expiration - daily reminders until the secret is replaced.

These reminders are sent only to users who have been granted access to the Self Service Client Secret Management Portal.
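
The same schedule can be checked locally against your own record of secret names and expiry dates, so rotation does not depend on one mailbox. This is an added example, not WMDA code: the inventory, stage labels and function names are constructed, and it assumes only the DM and SMC suffixes named on this page.

```python
import re
from datetime import date, timedelta

# Page pattern: Partner-(Country Code)-(Organisation Name)-(API); assumes only DM and SMC.
APP_NAME = re.compile(r"^(Partner|PartnerAlternative)-([A-Z]{2})-(.+)-(DM|SMC)$")

# Reminder schedule from the page: 6 weeks, 3 weeks, 1 week (then daily).
# The stage labels are made up for this example.
STAGES = [(timedelta(weeks=1), "rotate-now"),
          (timedelta(weeks=3), "3-week-reminder"),
          (timedelta(weeks=6), "6-week-reminder")]

def parse_app(name):
    """Split an application name into its parts, or raise ValueError."""
    m = APP_NAME.match(name)
    if not m:
        raise ValueError(f"not a WMDA application name: {name!r}")
    prefix, country, org, api = m.groups()
    return {"sandbox_only": prefix == "PartnerAlternative",
            "country": country, "organisation": org, "api": api}

def stage(expires, today):
    """Map an expiry date to the reminder stage it has reached."""
    remaining = expires - today
    if remaining < timedelta(0):
        return "expired"
    for limit, label in STAGES:
        if remaining <= limit:
            return label
    return "ok"

def report(inventory, today):
    """Return (app, secret_name, stage) for every secret needing attention."""
    rows = []
    for app, secret_name, expires in inventory:
        parse_app(app)  # reject names that do not follow the convention
        s = stage(expires, today)
        if s != "ok":
            rows.append((app, secret_name, s))
    return rows

# Constructed inventory: names and dates only, never the secret values.
TODAY = date(2025, 6, 1)
INVENTORY = [
    ("Partner-NL-OrganisationName-DM", "dm-prod-2024", date(2025, 6, 5)),
    ("Partner-NL-OrganisationName-SMC", "smc-prod-2025", date(2025, 7, 10)),
    ("PartnerAlternative-NL-OrganisationName-SMC", "smc-sbx", date(2026, 1, 15)),
    ("Partner-NL-OrganisationName-SMC", "smc-old", date(2025, 5, 20)),
]
if __name__ == "__main__":
    print(*report(INVENTORY, TODAY), sep="\n")
```

Run it from a scheduled job with `date.today()` in place of `TODAY`, and keep the inventory free of secret values.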