Share via

Registration Secret - Rotate Secret

Service:
Delegated Authorization
API Version:
7.2-preview.2

Rotate one of the two secrets for the ADO OAuth App Registration

PUT https://vssps.dev.azure.com/_apis/delegatedauth/registrationsecret/{registrationId}?api-version=7.2-preview.2
With optional parameters: 
PUT https://vssps.dev.azure.com/_apis/delegatedauth/registrationsecret/{registrationId}?secretType={secretType}&api-version=7.2-preview.2

URI Parameters

Name In Required Type Description
registrationId
 path True

string (uuid)

The registration id of the ADO OAuth App Registration
api-version
 query True

string

Version of the API to use. This should be set to '7.2-preview.2' to use this version of the api.
secretType
 query

string

The secret type to rotate, either primary or alternative

Responses

Name Type Description
200 OK

Registration

successful operation

Security

EntraOAuth

OAuth access token. Learn how to acquire an OAuth access token using Entra.

Type: oauth2
Flow: accessCode
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Token URL: https://login.microsoftonline.com/common/oauth2/token

Scopes

Name Description
vso.tokens Grants the ability to manage delegated authorization tokens to users

Definitions

Name Description
ClientType

Differentiate the different registration types
Registration

ADO OAuth App Registration

ClientType

Enumeration

Differentiate the different registration types

Value Description
confidential

Confidential App Registrations, this is the default type for Apps created using UI.
public

Public App Registrations
mediumTrust

Medium Trust App Registrations
highTrust

High Trust App Registrations
fullTrust

Full Trust App Registrations
application

Application based OAuth App Registrations

Registration

Object

ADO OAuth App Registration

Name Type Description
accessHash

string

alternativeSecret

string

Alternative Secret
alternativeSecretValidFrom

string (date-time)

Alternative Secret valid from
alternativeSecretValidTo

string (date-time)

Alternative Secret valid to
alternativeSecretVersionId

string (uuid)

Alternative Secret Version Id of the ADO OAuth App Registration
clientType

ClientType

Differentiate the different registration types
identityId

string (uuid)

Identity Id of the owner of the ADO OAuth App Registration
isValid

boolean

Validity of the ADO OAuth App Registration
isWellKnown

boolean

issuer

string

organizationLocation

string

URL of the organization that that is registering the app to use OAuthURL of the organization that that is registering the app to use OAuth
organizationName

string

Name of the organization that that is registering the app to use OAuth
publicKey

string

Raw cert data string from public key. This will be used for authenticating medium trust clients.
redirectUris

string[]

Redirect URIs of the ADO OAuth App Registration
registrationDescription

string

Description of the ADO OAuth App Registration
registrationId

string (uuid)

Registration Id of the ADO OAuth App Registration
registrationLocation

string

URL of the ADO OAuth App Registration
registrationLogoSecureLocation

string

URL of the ADO OAuth App Registration Logo
registrationName

string

Name of the ADO OAuth App Registration
registrationPrivacyStatementLocation

string

URL of the ADO OAuth App Registration Privacy Statement
registrationTermsOfServiceLocation

string

URL of the ADO OAuth App Registration Terms of Service
responseTypes

string

scopes

string

Scopes that the app will have access to in ADO on behalf of the users
secondaryHash

string

secret

string

Primary Secret
secretValidTo

string (date-time)

Primary Secret valid to
secretVersionId

string (uuid)

Primary Secret Version Id of the ADO OAuth App Registration
setupUri

string

URL of the ADO OAuth App Registration Setup
tenantIds

string[] (uuid)

validFrom

string (date-time)

Primary Secret valid from