Create an API Credential

1. Go to HTTP Connectors > Credentials
2. Click Create:

1. You will be asked to provide a Credential Name
2. You must choose a Credential Type
   1. [Recommended]OAuth 2.0 w/ Client Credentials can be used to generate access tokens here
   2. API Keys can be tested here

📘

Credentials Best Practices

• Credentials are never written to disk, or stored in any way. They are only allowed to be viewed in plain text once on the Credentials Screen. Only the hash of the credential is stored.
• Note: When an account is deactivated or deleted, any associated API keys will stop working.
  • Due to this security measure, Moveworks recommends generating API keys using a dedicated service account rather than an individual employee's user account.
    • Using a service account enhances security by creating a stable, auditable identity for the integration that is not tied to a person’s employment status, mitigating risks from former employees and ensuring the principle of least privilege can be properly applied.

Token Expiry Details

Expiry Information:

• Secret Expiry: Client IDs, Client Secrets, & API Keys never expire.
• Access Token expiry: Every 60 seconds.

Rotation & Revocation

In the event that your credential is exposed or leaked, Moveworks recommends the following process for token rotation:

1. Create a new API key following the steps outlined above under Create an API Credential.
2. Update your code or integrations to leverage the new API key.
3. Leverage the trash icon and delete the previous API key. Selecting delete will permanently invalidate your API key.