The app.credentials_rotated
event is emitted by Talkdesk:
As Routine Security Measure
To guarantee the credentials are not stale.
There is a grace period of seven days, during which both sets of OAuth credentials are valid for use. This event must be acknowledged, triggering the expiration of the old set of credentials before the grace period is up. In the case that the event is not acknowledged, the older set will still be revoked once the grace period is over, with the newest set remaining valid until the next rotation.
Acknowledging Credential Rotation
With the app.credentials_rotated
event fired, a grace period of seven days is given to recognize the new set of credentials provided.
To acknowledge this credential rotation event, make a POST request to /apps/{app_id}/installations/{installation_id}/credentials/{client_id}/state
.
Whenever the Original Installation Credentials Are Compromised
There is no grace period. The old credentials are invalidated as soon as new ones are generated.
Whenever a
app.credentials_rotated
is emitted, Talkdesk's systems also email the developer informing of the rotation.
Payload Types
Attribute | Description |
---|---|
id | Unique identifier of the event |
app_id | Unique identifier of the partner app |
app_version_id | Unique identifier of the partner app's version |
app_version_name | The name of the partner app's version |
installation_id | Unique identifier of the partner app's installation in the Talkdesk account of the user |
account_id | Unique identifier for the customer's Talkdesk account |
account_name | The customer's Talkdesk account name |
client_id | Client ID issued for the Talkdesk account, for the partner app API access |
client_secret | Client secret issued for the Talkdesk account, for the partner app API access |
private_key | JWT private key issued for the Talkdesk account, for the partner app API access |
public_key | JWT public key issued for the Talkdesk account, for the partner app API access |
key_id | JWT key ID issued for the Talkdesk account, for the partner app API access |
key_algorithm | Possible values are ES256, ES384, ES512, PS256, PS384 and PS512 |
_links.self | URL to retrieve the event content |
_links.installation | URL to retrieve installation data |
{
"id": "be4cfd0a01a046ec98fde433d973d259",
"api_version": "1",
"type": "app.credentials_rotated",
"app_id": "f918e2623486417791f3b5a18ca746ce",
"app_version_id": "970d6643b6604a9d8ec77d470a3903cf",
"app_version_name": "app_version_name",
"created_at": "2021-06-01T17:23:07Z",
"data": {
"installation_id": "9514148a170c4d4aaa344a540cec08c5",
"account_id": "052c3763ee0745c68a1f65f25b0bf273",
"account_name": "starship",
"client_id": "23de1fee7658490f8021465553402546",
"client_secret": "CLIENT_SECRET",
"private_key": "PRIVATE_KEY",
"public_key": "PUBLIC_KEY",
"key_id": "78a574781e434d0b9991edd0994fbeed",
"key_algorithm": "ES256"
},
"_links": {
"root": {
"href": "https://api.talkdeskapp.com"
},
"self": {
"href": "https://api.talkdeskapp.com/apps/f918e2623486417791f3b5a18ca746ce/events/be4cfd0a01a046ec98fde433d973d259"
},
"installation": {
"href": "https://api.talkdeskapp.com/apps/f918e2623486417791f3b5a18ca746ce/installations/9514148a170c4d4aaa344a540cec08c5"
}
}
}
The links
section contains:
Attribute | Description |
---|---|
self | URL to retrieve the event content |
installation | URL to retrieve installation data |
root | URL to Talkdesk's API Gateway |