Breaking Change: Mandatory Client ID & Secret Rotation
Effective in API Version: v1
Type: Breaking Change
Staging Release Date: 26/04/2025
Staging Deprecation Date: 26/04/2025
Production Release Date: 06/05/2025
Production Deprecation Date: 06/05/2025
⸻
🔄 What’s Changing
We are migrating from Amazon Cognito to Auth0 as our authentication provider.
As a result, all platform customers will be issued a new client_id and client_secret for OAuth authentication.
This change affects all existing integrations using the /oauth2/token endpoint.
Endpoint (unchanged):
POST https://staging.adfin.com/api/oauth2/token
Authentication Flow:
OAuth 2.0 Authorization Code + Refresh Token
Your existing logic will remain compatible with the new Auth0-based tokens—only your credentials will change.
⸻
✅ What’s New
• All integrations must use new client credentials issued via Auth0.
• These credentials will be distributed securely via your Adfin account manager or provisioning process.
• Existing Cognito-issued credentials will be revoked on the deprecation date.
⸻
🚨 Impact
• All API clients must update their integrations to use the new client credentials before the production deprecation date.
• Any requests using the old Cognito-issued client_id or client_secret will fail after this date.
• If you’re managing credentials programmatically or storing them in environment variables, ensure they are updated in all environments (staging, production, etc.).
⸻
🔧 Migration Plan
• Retrieve your new client_id and client_secret via your Adfin account manager.
• Update your integration to use the new credentials when calling the /oauth2/token endpoint on the switchover day.
• Validate authentication and token refresh flows in staging before the production switchover.
• Remove any references to your old credentials from your configuration and secret stores.
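For the final step, the scan below is an added example (not Adfin's own tooling) that walks a configuration tree and reports every line still holding a Cognito-issued client_id or client_secret, without echoing the value. The environment variable names OLD_CLIENT_ID and OLD_CLIENT_SECRET and all sample values are assumptions made for illustration, and the scan covers files on disk only, not hosted secret stores.

```python
import os
import tempfile
from pathlib import Path

# Hypothetical variable names: export the Cognito-issued values before scanning
# so the retired credentials are never written into this script.
OLD_ENV_VARS = {"client_id": "OLD_CLIENT_ID", "client_secret": "OLD_CLIENT_SECRET"}
SKIP_DIRS = {".git", "node_modules", "__pycache__"}


def find_stale_credentials(root, old_values):
    """Return sorted (relative_path, line_no, kind) hits; values are never returned."""
    needles = {kind: val.encode() for kind, val in old_values.items() if val}
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        for name in filenames:
            path = Path(dirpath) / name
            try:
                data = path.read_bytes()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if b"\0" in data[:1024]:
                continue  # NUL byte near the start: treat as binary
            for line_no, line in enumerate(data.splitlines(), start=1):
                for kind, needle in needles.items():
                    if needle in line:
                        hits.append((str(path.relative_to(root)), line_no, kind))
    return sorted(hits)


def demo():
    """Run the scan over a constructed config tree (all values are made up)."""
    old = {"client_id": "old-cognito-id-EXAMPLE", "client_secret": "old-secret-EXAMPLE"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".env.staging").write_text("CLIENT_ID=new-auth0-id-EXAMPLE\nCLIENT_SECRET=new-secret-EXAMPLE\n")
        (root / "deploy").mkdir()
        (root / "deploy" / "prod.env").write_text("# not yet migrated\nCLIENT_ID=old-cognito-id-EXAMPLE\nCLIENT_SECRET=old-secret-EXAMPLE\n")
        return find_stale_credentials(root, old)


if __name__ == "__main__":
    old = {kind: os.environ.get(var, "") for kind, var in OLD_ENV_VARS.items()}
    for path, line_no, kind in find_stale_credentials(Path.cwd(), old):
        print(f"{path}:{line_no}: old {kind} still present")
```

Run it from the root of each environment's configuration checkout; an empty result means no file in that tree still carries the retired values.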