Versions Compared

Old Version 39

changes.mady.by.user Vova Maystruk

Saved on

compared with

New Version 40

changes.mady.by.user Vova Maystruk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • What credential managers can do: View, create, and delete client secrets for your applications.
  • What WMDA does & what members do: WMDA creates and manages the applications and assigns client IDsprovides each application with a permanent client ID; members manage their own client secrets associated with these applications using the dedicated portal page.
  • Why secret rotation matters: Client secrets expire periodically. Rotating them on time ensures uninterrupted API access and maintains security.

...

You can manage API credentials using the Manage API Credentials page, where you can view, create, and delete client secrets.

...

.

...

API credentials consist of a client ID and a client secret. This portal allows you to manage the client secrets associated with each application. See 2. About API Credentials & 3. Applications on the Manage API Credentials Page below for more details.

1.1 Access to the Manage API Credentials Page

  1. Visit the Manage API Credentials page https://portal.wmda.info/manage-api-credentials.
    1. You must login to the WMDA Portal using MFA (MFA user guide).
    2. You must have the credential manager role assigned by the WMDA team.

...

Info

We advise including your name in the "client secret name" field (e.g., "Secret by John Doe") so the WMDA IT team can contact you if troubleshooting or follow-up is needed.

...

To inform credential managers about secrets that are about to expire, email notifications are sent. See 4. Email Notifications About Expiring Client Secrets below for more details.

Client secret that is about to expire (in less than one month) is marked with an icon warning  next to the expiration date on the Manage API Credentials page:

...

Info

To authenticate with WMDA APIs, a bearer token must be requested from the WMDA. For details on how the client ID and client secret are used to retrieve bearer tokens and authenticate future requests to the WMDA API, see  see API authentication.


WMDA IT team creates applications for members that implement WMDA APIs. To securely connect to these applications, the IT team provides API credentials, which consist of:

...

The Manage API Credentials page lists the application registrations (referred to as applications in this guide) created by the WMDA IT team for your organisation. Each application represents access to one or more APIs.

Each application is associated with a client ID and client secrets, which can be managed by credential managers using the portal.

exclamation mark These applications are created and managed by the WMDA IT teamWMDA team; members cannot create or modify them.

...

Info

PartnerAlternative is a "dummy" application for implementers to test their Match-Connect API integration internally. It works only in the Match-Connect sandbox and is provided upon request.

...

.


4. Email Notifications About Expiring Client Secrets

...