For security reasons, you should rotate an API gateway's credential on a regular basis.
If the credential might have been compromised, change it immediately.
An API gateway credential is a safeguard against requests from an unauthorized API gateway integration kit. After you create a credential and copy it to your Ping Identity integration kit, the credential is included in authorization requests made from the API Gateway to the HTTP Access Policy service. If the credential is absent or no longer valid, the HTTP Access Policy service automatically rejects the client API request.
You can use the PingOne Authorize console to create a new credential for an existing API gateway. This enables you to retrieve the credential without having to make an API call. After you create a new credential in PingOne Authorize, you must update all API gateway integration kits that use the credential. Retain the previous credential to give API gateway owners time to make updates without causing errors for users.
To rotate an API gateway credential: