Use this endpoint to rotate your Integration API client_secret. You must confirm your current account password before a new secret is issued. Once the request succeeds, your old client_secret is immediately and permanently invalidated — any running integrations using the old secret will stop authenticating until you update them.
Endpoint
POST /api/v1/security/web/regenerate_new_client_secret
Authentication
All requests must include a valid Dashboard Bearer token in the Authorization header.
| Header | Type | Required | Description |
|---|
Authorization | string | Yes | Bearer <token> — obtain from Login |
Content-Type | string | Yes | application/json |
Request Body
Your current account password, used to confirm the secret rotation. Maximum 255 characters.
Example Request Body
{
"password": "your-current-password"
}
Response
A successful response returns a new APIKey object with your client_id unchanged and a freshly generated client_secret.
| Field | Type | Description |
|---|
client_id | string | Your Integration API client identifier (unchanged) |
client_secret | string | Your newly generated client secret — store it securely immediately |
Success
{
"status": true,
"response_code": "00",
"message": "Client secret regenerated successfully",
"data": {
"client_id": "your_client_id",
"client_secret": "new_generated_secret_value"
}
}
Example
curl --request POST \
--url https://baasapi.payrepmfb.com/api/v1/security/web/regenerate_new_client_secret \
--header 'Authorization: Bearer <your_dashboard_token>' \
--header 'Content-Type: application/json' \
--data '{
"password": "your-current-password"
}'
Your old client_secret is immediately invalidated the moment this request succeeds. Any active server-to-server integrations using the old secret will fail authentication. Update all your environments — production, staging, and any CI/CD pipelines — with the new secret before or immediately after rotating.
