Resetting an API Secret

Overview

API Apps in Perspio use a Client ID and Client Secret to authenticate external integrations (for example, BI tools, middleware, or custom scripts). For security and governance, each Client Secret is valid for 2 years. When the secret is nearing expiry—or if you suspect it has been exposed—you must reset the secret and update the consuming integration with the new value.

This article explains how to reset an API secret from the Admin → API menu.

When to use this

Reset an API secret when:

The Client Secret Expiry date is approaching (2-year validity).
An integration vendor/team changes and credentials must be rotated.
You suspect the secret has been disclosed or mishandled.
The integration fails authentication due to an expired/invalid secret.

Permissions required

You must have Admin access to the tenant and permission to manage API Apps.

Important notes before you begin

Resetting the secret generates a new Client Secret. Any system still using the old secret will fail to authenticate until updated.
Treat the new secret like a password:
- Store it in a secure secrets manager (preferred).
- Avoid sharing it via email or chat.
- Only reveal/copy it when you are ready to update the integration.

Procedure

Step 1 — Open the Admin panel

From the main Perspio navigation, click Admin.

Step 2 — Go to the API menu

In the Admin left-hand menu, select API.

Step 3 — Select the App you want to rotate

On the Apps page, locate the API App associated with the integration you want to update.
Click the App card to open it.

Tips for selecting the correct App

Use the Description field to identify the integration (for example, “Power BI”).
If multiple Apps exist, confirm by comparing the Client ID used in the external system.

Step 4 — Reset the Client Secret

In the App, ensure you are on the Details tab.
Locate the Client Secret row.
Click Reset secret.

What this does

Perspio generates a new Client Secret for this App.
The old secret should be considered invalid for ongoing use (treat it as rotated out).

Step 5 — Confirm the new secret is generated

After resetting, a new secret is generated and ready to be used.

What to do immediately

Copy the new secret (using the provided UI controls).
Update your external integration configuration to use the new secret.
Validate connectivity (for example, refresh the connection, run a test call, or reload the dataset).

Screen controls and fields (what you’ll see)

Within the App’s Details tab, these fields are commonly referenced during a secret reset:

Client Id: The application identifier used by the integration.
Client Secret: The secret credential (masked).
- Reset secret rotates the secret.
Client Secret Expiry: The expiry timestamp.
- Validity is 2 years from issuance/rotation.
Tenant Id: Your tenant identifier (often required in auth flows).
Subscription Key: Used by some API gateways/requests (commonly passed as a request header).

Troubleshooting

Integration fails after the reset

Likely cause: the external system is still using the old secret.

Fix:

Update the integration with the new Client Secret.
Re-test authentication / refresh token / reconnect.
Confirm you are updating the correct App (match Client ID).

You can’t find the right App

Check the Description on each App card (best practice is to name/describe it after the integration).
Confirm the Client ID used by the external system and match it to the App’s Client Id.

Best practices

Rotate secrets proactively ahead of expiry (2-year validity).
Maintain one App per integration to simplify audits and rotation.
Use Restricted access where possible (Admin → API → Restrictions) to enforce least privilege.
Store all credentials in a secure vault and limit access to only those who need it