@santhoshkumar surisetty
As others have already mentioned, client_secret is in hash (there is no way you can get the clear text back from it). And I hope your application developer will not provide you the client_secret
Net: v5 client_secret is migrated over (we purposely support that to make the migration less painful) to v10/2018, the system knows this is a migrated application, with client_secret protected in v5 format
If the above migration is a test run, one option to handle the verification (instead of `trust us`)
- create a dummy application before hand the migration, keep the dummy client_secret, test against an api to make sure it works [as in verify the correctness of the client_secret by the gateway)
- perform migration
- perform the same test above (the client_secret will work against the migrated environment)
------------------------------
Shiu Poon
Senior Technical Staff Member - Security/Integration
IBM
San Jose CA
------------------------------
Original Message:
Sent: Wed April 20, 2022 11:38 AM
From: santhoshkumar surisetty
Subject: Client Secrets for API Connect v10
we migrated v5 to v10 , but we wanted verify that the subscriptions are working with existing client id and secret which we missed track of it somehow.
we have many consumer applications (more than 200 ). it may not be good to reach out each application team and get details . is there anyway to get secret for specific applications . we tried below command , it is returning hashed secrete.. we don't how to decrypt it .Could you please help on it?
apic credentials:list --app poc-api-s --catalog asm --org erie-testorg --server cpd-cp4i.apps.nprho..com/integration/apis/np-apic/np-apic --scope catalog --output -
------------------------------
santhoshkumar surisetty
------------------------------