app.credentials_rotated

The app.credentials_rotated event is emitted by Talkdesk:

As Routine Security Measure

To guarantee the credentials are not stale.
There is a grace period of seven days, during which both sets of OAuth credentials are valid for use. This event must be acknowledged, triggering the expiration of the old set of credentials before the grace period is up. In the case that the event is not acknowledged, the older set will still be revoked once the grace period is over, with the newest set remaining valid until the next rotation.

Acknowledging Credential Rotation

With the app.credentials_rotated event fired, a grace period of seven days is given to recognize the new set of credentials provided.
To acknowledge this credential rotation event, make a POST request to /apps/{app_id}/installations/{installation_id}/credentials/{client_id}/state.

Whenever the Original Installation Credentials Are Compromised

There is no grace period. The old credentials are invalidated as soon as new ones are generated.

📘

Whenever a app.credentials_rotated is emitted, Talkdesk's systems also email the developer informing of the rotation.

Payload Types

Attribute

Description

id
string

Unique identifier of the event

app_id
string

Unique identifier of the partner app

app_version_id
string

Unique identifier of the partner app's version

app_version_name
string

The name of the partner app's version

installation_id
string

Unique identifier of the partner app's installation in the Talkdesk account of the user

account_id
string

Unique identifier for the customer's Talkdesk account

account_name
string

The customer's Talkdesk account name

client_id
string

Client ID issued for the Talkdesk account, for the partner app API access

client_secret
string

Client secret issued for the Talkdesk account, for the partner app API access

private_key
string

JWT private key issued for the Talkdesk account, for the partner app API access

public_key
string

JWT public key issued for the Talkdesk account, for the partner app API access

key_id
string

JWT key ID issued for the Talkdesk account, for the partner app API access

key_algorithm
string

Possible values are ES256, ES384, ES512, PS256, PS384 and PS512

_links.self

URL to retrieve the event content

_links.installation

URL to retrieve installation data

Payload Example

{
    "id": "be4cfd0a01a046ec98fde433d973d259",
    "api_version": "1",
    "type": "app.credentials_rotated",
    "app_id": "f918e2623486417791f3b5a18ca746ce",
    "app_version_id": "970d6643b6604a9d8ec77d470a3903cf",
    "app_version_name": "app_version_name",
    "created_at": "2021-06-01T17:23:07Z",
    "data": {
        "installation_id": "9514148a170c4d4aaa344a540cec08c5",
        "account_id": "052c3763ee0745c68a1f65f25b0bf273",
        "account_name": "starship",
        "client_id": "23de1fee7658490f8021465553402546",
        "client_secret": "CLIENT_SECRET",
        "private_key": "PRIVATE_KEY",
        "public_key": "PUBLIC_KEY",
        "key_id": "78a574781e434d0b9991edd0994fbeed",
        "key_algorithm": "ES256"
    },
    "_links": {
      "root": {
        "href": "https://api.talkdeskapp.com"
      },
      "self": {
        "href": "https://api.talkdeskapp.com/apps/f918e2623486417791f3b5a18ca746ce/events/be4cfd0a01a046ec98fde433d973d259"
      },
      "installation": {       
        "href": "https://api.talkdeskapp.com/apps/f918e2623486417791f3b5a18ca746ce/installations/9514148a170c4d4aaa344a540cec08c5"
      }
    }
 }

The links section contains:

Attribute

Description

self

URL to retrieve the event content

installation

URL to retrieve installation data

root

URL to Talkdesk's API Gateway