# API Secret Management

The API Secret Management section of the Dashboard permits a user with the Super Admin role to generate and manage the confidential, organisational Client Secret used to authenticate B2B API integrations (for example, when obtaining OAuth access tokens).

Each organisation can maintain a single active, organisational Client Secret at any given time. Generating a new Secret rotates any previous Secret and prevents its future use.

## Role-Based Access Permissions

Access to API Client Secret management is strictly controlled. Only users with the Super Admin role for an organisation are permitted to:

* View the API Secret tab in the Dashboard; and
* Generate or replace the organisation’s API Client Secret.

Users with the Admin role, or any other Dashboard role, cannot view, access, or generate API Client Secrets. This safeguard ensures that sensitive credentials are managed only by users with the highest level of organisational authority.

## UI Overview

Secret status information, such as whether a Client Secret has been generated and the timestamp of the last generation, is held within the audit trail of the generator’s dashboard profile.

#### Generate Secret button

Used to create or rotate the API Client Secret for the current organisation.

## Walkthrough

### Generating or replacing an API Client Secret

To create a new API Client Secret or replace an existing one, follow the steps detailed below:

#### Step 1: Generating an API Secret

* In the left-hand navigation panel, select API Access.
* In the Client Secret section, click Generate Client Secret.

When a Super Admin selects Generate Client Secret, the platform automatically performs the following actions:

* Securely generates a cryptographically strong random Secret.
* Encrypts and stores the Client Secret against the organisation’s client record.
* Invalidates any previously active Client Secret for the organisation.
* Records a “Client Secret Generation” event in the audit log.

#### Step 2: Retrieve Your One-Time Secret

* Once generated, a one-time Secret modal will appear.
* The Client Secret (plain text) will be displayed only once, at this point.

⚠️ Important: Copy and securely store the Client Secret now. It will not be visible again.
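
The following is an added example, not the platform's own code: a small model of the behaviour described in Step 1 and Step 2, showing why the previous Secret stops authenticating the moment a new one is generated. The class and method names are hypothetical, the organisation and user values are constructed, and the sketch keeps a salted digest of the Secret rather than reproducing the platform's encryption at rest.

```python
import hashlib
import hmac
import secrets
import time


class ClientSecretStore:
    """Hypothetical model of one active Client Secret per organisation."""

    def __init__(self):
        self._records = {}   # org_id -> (salt, digest) of the single active Secret
        self.audit_log = []  # append-only list of audit events

    @staticmethod
    def _digest(salt, secret):
        # The Secret is high-entropy random data, so a salted keyed hash suffices here.
        return hmac.new(salt, secret.encode(), hashlib.sha256).digest()

    def generate(self, org_id, user, role):
        if role != "Super Admin":
            raise PermissionError("only a Super Admin may generate the Client Secret")
        secret = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG
        salt = secrets.token_bytes(16)
        # Overwriting the record is the rotation: the old digest is gone,
        # so the previous Secret can no longer authenticate.
        self._records[org_id] = (salt, self._digest(salt, secret))
        self.audit_log.append({"event": "Client Secret Generation",
                               "org": org_id, "user": user, "at": time.time()})
        return secret  # the only time the plain text leaves the store

    def verify(self, org_id, presented):
        record = self._records.get(org_id)
        if record is None:
            return False
        salt, digest = record
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(digest, self._digest(salt, presented))


if __name__ == "__main__":
    store = ClientSecretStore()
    old = store.generate("org-demo", "alice", "Super Admin")  # constructed values
    new = store.generate("org-demo", "alice", "Super Admin")
    print("old accepted:", store.verify("org-demo", old))
    print("new accepted:", store.verify("org-demo", new))
    print("audit events:", len(store.audit_log))
```

Because rotation takes effect immediately, any integration still holding the old Secret fails from that point, so update the stored credential in the same change window as the rotation.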