API clients
Manage API clients to authenticate API request
API credentials securely authenticates your application with IDnow. You can manage multiple clients and their credentials in the IDnow dashboard.
Each API client has a Client ID and a Client secret. Never share client secrets or store them in version control.**
Manage clients
- Log in to the IDnow dashboard at Loading....
- Go to Settings > Developer > API clients.
Create client
- Select New API client.
- Enter a descriptive name.
- Select permissions.
- Select Create API client.
Save API client details
- Copy Client ID and Client secret securely.
- Confirm you have saved them.
Copy the client secret now. You won't see it again.
Lost secrets must be regenerated and updated in all apps.
Edit client
- Find your API client, select View details.
- Edit name, permissions, or regenerate client secret.
'Client ID' cannot be changed.
Regenerate secret
- Select Regenerate.
- Confirm and copy new secret.
Important: Old secret is revoked. Update all apps.
Delete client
- Find and select Delete icon.
- Confirm deletion.
This action cannot be undone. Update or disable all apps using this client before deletion.
Security best practices
- Never share secrets.
- Don't store secret in version control.
- Use environment variables or secure storage.
- Grant minimum permissions.
- Remove unused clients.
- Regenerate secrets periodically.
- Use separate clients for each environment.
- Test rotation before applying to Live.