Versions Compared

Old Version 27

changes.mady.by.user Vova Maystruk

Saved on

compared with

New Version 28

changes.mady.by.user Vova Maystruk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

warning the page is not not public yet

1. Managing your client secrets

You can manage client secrets using the Manage API Credentials page, where you can view, create, and delete client secrets.

To access the page

...

  1. Visit the Manage API Credentials page https://portal.wmda.info/manage-clients.
    1. You must login to the portal using MFA (MFA user guide).
    2. You must have the appropriate user role (credential manager) assigned by the WMDA team.

...

  • View the applications and their client ID provided by the WMDA.
  • Create new client secrets for these applications.
  • See expiration date for each client secret.
  • Delete client secrets.

To create a new secret

...

  1. Visit the Manage API Credentials page https://portal.wmda.info/manage-clients and click on the "Create new secret" button and the pop-up will appear:

...

Once a new client secret is in use, the old one should be removed to prevent unnecessary expiration reminders and confusion.

To delete a secret

...

1. Click on the delete icon next to the secret you would like to delete and confirm your action:

Secrets that are about to expire

To inform credential managers about secrets that are about to expire, email notifications are sent. See 4. Email Notifications About Expiring Client Secrets below.

Client secret that is about to expire (in less than one month) is marked with an icon warning  next to the expiration date on the Manage API Credentials page:

Image Added

2. About API Credentials

WMDA IT team creates applications for your organisation to facilitate the identification and procurement of stem cell products from around the world.  To maintain secure access to these applications the WMDA provides the API Credentials (client ID and client secret) needed to connect to WMDA APIs. Each application has a client ID (which is permanent) and requires a client secret to authenticate.

...

  • A confidential credential linked to a specific client ID.
  • Acts like a temporary password for machine-to-machine authentication.
  • Required when requesting a bearer token to connect to the WMDA APIs.
  • Expires after a set period. A replacement must be created and used.
  • Can be managed by your organisation on the Manage API Credentials page (see 4. Managing your client secrets below).


Warning

Client ID stays the same permanently. It does not expire and does not need to be replaced.

Client secret expires after a set period.

When the client secret expires, API connections will stop working until a new secret is created and updated in your systems.

To avoid interruptions, always rotate the secret before it expires. See 5See 4. Email Notifications About Expiring Client Secrets below

...