Checking and Resetting Access Keys

When you create an application in Kii Cloud, the following access keys will be assigned to the application:

  • AppID
  • AppKey
  • ClientID
  • ClientSecret

You can check the assigned access keys on the developer portal. You can also reset the ClientSecret.

Checking access keys

You can check the access keys in the following steps:

  1. Click the gear icon in the upper-right corner and then click the "Access Keys" icon.

  2. The AppID and AppKey will be shown as follows:

  3. Click the "Click to show Client ID and secret" button to bring up the ClientID and ClientSecret.

    Make sure to manage the ClientID and ClientSecret safely so as not to leak them to third parties.

Resetting the ClientSecret

Only the application administrator can reset the ClientSecret. Collaborators are not allowed to reset the ClientSecret.

Note that resetting the ClientSecret will prevent existing pseudo users from logging in. Before resetting the ClientSecret, you need to enable pseudo users to log in with a different method. To do so, you can change pseudo users to normal users or link them to accounts of external services.

For more information about the pseudo user feature, see the following topics.
Android   iOS   JavaScript   REST

To reset, follow the steps in Check access keys to bring up ClientID and ClientSecret. Then, press the "Reset" button.

The following confirmation screen shows up.

Press the "Reset" button after entering the ClientID. You will get the following notification.

At this point, the old ClientSecret is disabled and the new one is assigned to your application. To check the new ClientSecret, follow the step in Check access keys again.

Invalidating access tokens

As described in the confirmation screen, all access tokens issued before resetting the ClientSecret will be invalidated once the ClientSecret is reset.

Invalidating access tokens may take a while if the number of issued access tokens is huge. You can check the progress of the token invalidation process by browsing the developer log. The following message will be recorded when all access tokens are invalidated.

2016-12-06T15:05:12.000+09:00 [INFO] oauth2.clientsecret.rest description:Reset ClientSecret started  clientID:{CLIENT_ID}
2016-12-06T15:05:12.000+09:00 [INFO] oauth2.clientsecret.rest description:Reset ClientSecret completed  clientID:{CLIENT_ID}