Improved
Open beta
The credential formats for Snyk Apps have changed, to be recognizable and compatible with third-party secret scanning systems.
Specifically, the formats of client secrets and refresh tokens have changed. Both credential types now include a prefix (snyk_) followed by an identifier (cs_ for client secrets, rt_ for refresh tokens) and a trailing version number (currently _v1).
To illustrate, the credential types adhere to the following general form:
- For refresh tokens: ^snyk_rt_.+_v1$ (e.g. snyk_rt_8R6aIT88713YlnZ5loA3rO5nFkzap0rs3miIPFb0J78_JOCRYo3olA5cubc5jYxy8R7xhf9m9cP8wwJ3FYy4Kis_v1)
- For client secrets: ^snyk_cs_.+_v1$ (e.g. snyk_cs_FDals7bwaCdSIW_6sOaV92yQouJ8GlztpuBZLLpyEp80_v1)
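As an added example (not Snyk's code), here is a small Python scanner that finds credentials in the new format inside arbitrary text and reports them redacted. The patterns above are anchored to a whole string; the unanchored pattern below assumes the secret body uses only URL-safe base64 characters, as in the two examples above, and accepts any numeric version suffix. The sample input is constructed and reuses the example values from this entry.

```python
import re

KINDS = {"rt": "refresh token", "cs": "client secret"}

# Assumption: token bodies contain only URL-safe base64 characters.
# The changelog itself only specifies ^snyk_(rt|cs)_.+_v1$.
_TOK = r"A-Za-z0-9_-"
SNYK_CRED = re.compile(
    rf"(?<![{_TOK}])snyk_(rt|cs)_([{_TOK}]+)_v(\d+)(?![{_TOK}])"
)


def scan(text):
    """Return one finding per Snyk App credential, never echoing the secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SNYK_CRED.finditer(line):
            kind, _body, version = m.groups()
            findings.append({
                "line": lineno,
                "kind": KINDS[kind],
                "version": int(version),
                "redacted": f"snyk_{kind}_********_v{version}",
            })
    return findings


# Constructed sample file; the two token values are the examples from this entry.
SAMPLE = """\
# app settings
SNYK_CLIENT_SECRET=snyk_cs_FDals7bwaCdSIW_6sOaV92yQouJ8GlztpuBZLLpyEp80_v1
refresh_token: "snyk_rt_8R6aIT88713YlnZ5loA3rO5nFkzap0rs3miIPFb0J78_JOCRYo3olA5cubc5jYxy8R7xhf9m9cP8wwJ3FYy4Kis_v1"
docs: tokens look like snyk_rt_<random>_v1
not_a_token = mysnyk_cs_abc_v1x
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']}: {f['kind']} (v{f['version']}) {f['redacted']}")
```

Credentials issued in the previous format carry no such prefix, so a scanner like this only sees them after they have been rotated or exchanged.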
Existing credentials will continue to work. To take advantage of the new client secret format, you will need to rotate the client secret for your Snyk App using the POST /orgs/{org_id}/apps/{client_id}/secrets API endpoint. New refresh tokens will reflect the latest format automatically; you may exchange an existing refresh token for a new one using the POST /oauth2/token API endpoint.
You can learn more about Snyk Apps, currently available as an open beta, here.