Zero-downtime OAuth secret rotation for CXone REST Proxy

Trying to rotate the client secret for a production tenant without dropping active calls. The docs say you can have two active secrets. I updated the secret in the console, then immediately ran a test via Postman with the new value. It worked.

But when I call GetRESTProxy in using the old credentials, it throws a 401. Is the switch instant or is there a cache delay? I don’t want to script a staggered rollout if it’s not needed. What’s the exact sequence?

NICE CXone rotates the hash, not the secret itself. You can’t just swap strings in a config file. You’ll need to update the Terraform state for the nice_cxone_integration resource. Run terraform plan first to see the diff, then apply. It handles the API handoff cleanly without dropping sessions.