We’re trying to rotate our OAuth client secret for the integration account that feeds data into our CXone flows. The requirement is zero downtime. We can’t just swap the secret in the UI and expect the scripts to pick it up instantly without a restart or a glitch.
Here’s what we’ve tried so far:
- We generated a new client secret in the Developer Portal.
- We kept the old secret active.
- We updated our external service to use the new secret for token generation.
The issue is the script side. We’re using the GetRESTProxy action to call our internal API. The script uses a stored OAuth token. When we rotate the secret, the old token becomes invalid eventually. But if we update the script to fetch a new token using the new secret, we get a race condition. Some calls fail with 401 Unauthorized while others succeed.
Is there a way to configure the script to handle two valid secrets simultaneously? Or is there a specific API call to /api/v2/oauth/token that allows us to refresh the token in the background before the old one expires?
We’re also looking at using the CXone Platform SDK in a Node.js wrapper to manage the token refresh. But the SDK doesn’t seem to have a built-in mechanism for secret rotation. It just takes one client ID and one secret.
We need a step-by-step process. How do we:
- Generate the new secret.
- Update the script to use the new secret for token requests.
- Ensure the old secret is still valid during the transition.
- Revoke the old secret only after we’re sure all active sessions have refreshed.
Any code samples or API payloads for the token refresh step would be helpful. We’re stuck on the timing part. The script runs every 5 minutes. We can’t afford a gap.
Also, does the GetRESTProxy action cache the token? If it does, how long? We need to know when the cache expires to time the rotation.
We’re using the latest version of . No custom actions yet. Just standard REST Proxy calls.
Thanks.
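The dual-secret refresh asked about above, as an added example that is not part of the original post and not CXone SDK code. `RotatingTokenCache` and the injected `requestToken` function are hypothetical names; the code assumes the token endpoint accepts both secrets during the overlap window and answers an unaccepted secret with HTTP 401.

```javascript
// Added example. `requestToken(clientId, secret)` is a hypothetical injected
// function returning Promise<{access_token, expires_in}>; it is assumed to
// reject with err.status === 401 when the secret is not accepted.
class RotatingTokenCache {
  constructor({ clientId, secrets, requestToken, skewSec = 60, now = () => Date.now() }) {
    this.clientId = clientId;
    this.secrets = secrets;        // ordered: [newSecret, oldSecret]
    this.requestToken = requestToken;
    this.skewMs = skewSec * 1000;  // refresh this long before expiry
    this.now = now;
    this.token = null;             // { value, expiresAt, secretIndex }
    this.inFlight = null;          // shared promise: single-flight refresh
  }

  // Return a token that stays valid for at least skewSec more seconds.
  async getToken() {
    if (this.token && this.now() < this.token.expiresAt - this.skewMs) {
      return this.token.value;
    }
    // Concurrent callers await one refresh instead of racing each other.
    if (!this.inFlight) {
      this.inFlight = this.refresh().finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }

  // Try the new secret first; fall back to the old one only on a 401.
  async refresh() {
    let lastErr = new Error('no secrets configured');
    for (let i = 0; i < this.secrets.length; i++) {
      try {
        const res = await this.requestToken(this.clientId, this.secrets[i]);
        const expiresAt = this.now() + res.expires_in * 1000;
        this.token = { value: res.access_token, expiresAt, secretIndex: i };
        return this.token.value;
      } catch (err) {
        if (err.status !== 401) throw err;  // outage, not a rejected secret
        lastErr = err;
      }
    }
    throw lastErr;                          // every configured secret was rejected
  }

  // True once the cached token was issued with the new secret (index 0);
  // log this per consumer before revoking the old secret.
  issuedWithNewSecret() {
    return this.token !== null && this.token.secretIndex === 0;
  }
}
```

Drop the old secret from `secrets` only after every consumer reports `issuedWithNewSecret()` as true across at least one full token lifetime.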