How NOT to keep a Secret

by Sean Gubler on 8/16/12

I thought it might be useful to post on a recent product change concerning how your API Secret is managed.

First, some background. As you are probably aware, your API credentials (username & secret) are closely connected to your SiteCatalyst user profile. In fact, all API credentials are bound to a single SiteCat user. You can see that if you look at your API username. It is always in this format: SITE_CATALYST_USERNAME:COMPANY_NAME (for example, "johndoe:Acme Co"). The 32-character API Secret for that username is always generated for you in the Admin Console. What you may not have known is that until recently it was linked to your SiteCatalyst user password. In fact, if you ever changed your password, your API Secret would also change – possibly breaking a script/application that was making API calls. :(

The new approach.

Your API Secret is no longer bound to your SiteCatalyst user password. Yay! This means that you can keep your API credentials constant even if you change your SiteCatalyst password frequently (probably a good practice). But what if you WANT to change your API Secret? Well, that is covered. A user with Admin privileges can simply go into the User Management area of the Admin Console and edit your SiteCatalyst user. Just check the new box labeled "Regenerate shared secret on save" and then click save.

Voilà! A new Secret…

Also, there is no need to worry about your existing Secret failing to work in the near future. I have been told that we all have about 12 months (until August 2013) to go and regenerate our API Secrets using this method.

That's it! Please reply with any questions/comments.

–Sean (@seangubler)

Sean is a Sr. Partner Integration Manager focusing on integrations with the Adobe Marketing Cloud. This includes Adobe Genesis integrations and custom integrations using Adobe’s Web Services.
