Versions Compared

Old Version 23

changes.mady.by.user Vova Maystruk

Saved on

compared with

New Version 24

changes.mady.by.user Vova Maystruk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

warning the page is not not public yet

1.

...

Managing your client secrets

You can manage client secrets using the Manage API Credentials page, where you can view, create, and delete client secrets.

To access the page:

  1. Visit the Manage API Credentials page https://portal.wmda.info/manage-clients.
    1. You must login to the portal using MFA (MFA user guide).
    2. You must have the appropriate user role (credential manager) assigned by the WMDA team.

Image Added

Info

Your organisation should designate one or more technical contacts (credential manager) who are responsible for managing client secrets.

Only users with the credential manager role assigned by the WMDA team can access the Manage API Credentials page.

Before contacting WMDA support, confirm internally who is responsible within your team.

If access is required, contact WMDA: support@wmda.info

As credential manager you can use the Manage API Credentials page to:

  • View the applications and their client ID provided by the WMDA.
  • Create new client secrets for these applications.
  • See expiration date for each client secret.
  • Delete client secrets.

Image Added

To create a new secret:

  1. Visit the Manage API Credentials page https://portal.wmda.info/manage-clients and click on the "Create new secret" button and the pop-up will appear:

Image Added

2. Provide client secret name and expiration date (1 year maximum) for this secret:


Image Added

Info

We advise including your name in the "client secret name" field (e.g., "Secret by VM") so the WMDA IT team can contact you if troubleshooting or follow-up is needed.


3. Click on "Create".

4. Copy the client secret that appears:

Image Added

Warning

When you create a new secret, copy and store it securely. After you refresh or return to this page, the full secret will no longer be visible - only the first three characters (hint) will remain. If you don't copy the newly created secret, you lose it, and you'll need to generate a new secret.


Once a new client secret is in use, the old one should be removed to prevent unnecessary expiration reminders and confusion.

To delete a secret:

1. Click on the delete icon next to the secret you would like to delete and confirm your action:

2. About API Credentials:

WMDA IT team creates applications for your organisation to facilitate the identification and procurement of stem cell products from around the world.  To maintain secure access to these applications the WMDA provides the API Credentials (client _id ID and client _ secret) needed to connect to WMDA APIs. Each application has a client _id ID (which is permanent) and requires client secret to authenticate.

...

Info

To authenticate with WMDA APIs, a bearer token must be requested from the WMDA. For details on how client _id ID and client _ secret are used to retrieve bearer tokens and authenticate future requests to the WMDA API, see see API authentication.


Client _idID

  • Created by the WMDA and shared with your organisation.
  • Identifies your application connection to the WMDA APIs.
  • Permanent - it does not expire and cannot be changed.

Client _ secret

  • A confidential credential linked to a specific client _idID.
  • Acts like a temporary password for machine-to-machine authentication.
  • Required when requesting a bearer token to connect to the WMDA APIs.
  • Expires after a set period. A replacement must be created and used.
  • Can be managed by your organisation on the Manage API credentials page (see 4. Managing your client secrets below).


Warning

Client _id ID stays the same permanently. It does not expire and does not need to be replaced.

Client _ secret expires after a set period.

When the client _ secret expires, API connections will stop working until a new secret is created and updated in your systems.

To avoid interruptions, always rotate the secret before it expires. See 5. Email Notifications About Expiring Client Secrets below

...


3. Applications on the Manage API credentials page:

The Manage API credentials page lists the applications created by the WMDA IT team for your organisation. Each application represents access to one or more APIs.

...

Each application has its own client _id and ID and client secret. Visibility depends on your user role (see 3. Access to the Portal below) and the API permissions assigned to your application.

3. Access to the Manage API credentials page

You can manage client secrets using the Manage API credentials page, where you can view, create, and delete client secrets.

To access the page:

  1. Visit the page https://portal.wmda.info/manage-clients.
  2. You must login to the portal using MFA (MFA user guide).
  3. You must have the appropriate user role (credential manager) assigned by the WMDA team.

Image Removed

...

Your organisation should designate one or more technical contacts (credential manager) who are responsible for managing client secrets.

...

.

Before contacting WMDA support, confirm internally who is responsible within your team.

If access is required, contact WMDA: support@wmda.info


4.

...

As credential manager you can use the Manage API credentials page to:

  • View the applications and their client_ids provided by the WMDA.
  • Create new client secrets for these applications.
  • See expiration date for each client secret.
  • Delete client secrets.

Image Removed

To create a new secret:

1. Click on the "Create new secret" button and the pop-up will appear:

Image Removed

2. Provide client secret name and expiration date (1 year maximum) for this secret:

Image Removed

3. Click on "Create".

4. Client secret will appear:

Image Removed

Warning

When you create a new secret, copy and store it securely. After you refresh or return to this page, the full secret will no longer be visible - only the first three characters (hint) will remain. If you don't copy the newly created secret, you lose it, and you'll need to generate a new secret.

Once a new client secret is in use, the old one should be removed to prevent unnecessary expiration reminders and confusion.

To delete a secret:

1. Click on the delete icon next to the secret you would like to delete and confirm your action:

Image Removed

...

Email Notifications About Expiring Client Secrets

The designated contact(s) (credential manager) for your organisation will automatically receive email notifications from WMDA when a client secret is approaching expiration.

...

These reminders are sent only to users who have been granted access to the Manage API credentials page.the appropriate user role (credential manager) assigned by the WMDA team