app.credentials_rotated

📘

Supported Regions and Base URLs

The app.credentials_rotated event is emitted by Talkdesk:

As Routine Security Measure

To guarantee the credentials are not stale.
There is a grace period of seven days, during which both sets of OAuth credentials are valid for use. This event must be acknowledged, triggering the expiration of the old set of credentials before the grace period is up. In the case that the event is not acknowledged, the older set will still be revoked once the grace period is over, with the newest set remaining valid until the next rotation.

Acknowledging Credential Rotation

With the app.credentials_rotated event fired, a grace period of seven days is given to recognize the new set of credentials provided.
To acknowledge this credential rotation event, make a POST request to /apps/{app_id}/installations/{installation_id}/credentials/{client_id}/state.

Whenever the Original Installation Credentials Are Compromised

There is no grace period. The old credentials are invalidated as soon as new ones are generated.

📘

Whenever a app.credentials_rotated is emitted, Talkdesk's systems also email the developer informing of the rotation.

Payload Types

AttributeDescription
id
string
Unique identifier of the event
app_id
string
Unique identifier of the partner app
app_version_id
string
Unique identifier of the partner app's version
app_version_name
string
The name of the partner app's version
installation_id
string
Unique identifier of the partner app's installation in the Talkdesk account of the user
account_id
string
Unique identifier for the customer's Talkdesk account
account_name
string
The customer's Talkdesk account name
client_id
string
Client ID issued for the Talkdesk account, for the partner app API access
client_secret
string
Client secret issued for the Talkdesk account, for the partner app API access
private_key
string
JWT private key issued for the Talkdesk account, for the partner app API access
public_key
string
JWT public key issued for the Talkdesk account, for the partner app API access
key_id
string
JWT key ID issued for the Talkdesk account, for the partner app API access
key_algorithm
string
Possible values are ES256, ES384, ES512, PS256, PS384 and PS512
_links.selfURL to retrieve the event content
_links.installationURL to retrieve installation data

Payload Example

{
    "id": "be4cfd0a01a046ec98fde433d973d259",
    "api_version": "1",
    "type": "app.credentials_rotated",
    "app_id": "f918e2623486417791f3b5a18ca746ce",
    "app_version_id": "970d6643b6604a9d8ec77d470a3903cf",
    "app_version_name": "app_version_name",
    "created_at": "2021-06-01T17:23:07Z",
    "data": {
        "installation_id": "9514148a170c4d4aaa344a540cec08c5",
        "account_id": "052c3763ee0745c68a1f65f25b0bf273",
        "account_name": "starship",
        "client_id": "23de1fee7658490f8021465553402546",
        "client_secret": "CLIENT_SECRET",
        "private_key": "PRIVATE_KEY",
        "public_key": "PUBLIC_KEY",
        "key_id": "78a574781e434d0b9991edd0994fbeed",
        "key_algorithm": "ES256"
    },
    "_links": {
      "root": {
        "href": "https://api.talkdeskapp.com"
      },
      "self": {
        "href": "https://api.talkdeskapp.com/apps/f918e2623486417791f3b5a18ca746ce/events/be4cfd0a01a046ec98fde433d973d259"
      },
      "installation": {       
        "href": "https://api.talkdeskapp.com/apps/f918e2623486417791f3b5a18ca746ce/installations/9514148a170c4d4aaa344a540cec08c5"
      }
    }
 }

The links section contains:

AttributeDescription
selfURL to retrieve the event content
installationURL to retrieve installation data
rootURL to Talkdesk's API Gateway