Creating and managing credentials

How to create, update, or revoke the keys to the kingdom.


This page describes how you can use the Ocrolus Dashboard to manage your application's credentials. To learn how to use those credentials, see here.


Images may vary from final product

We took most of the screenshots on this page with an internal beta version of the Dashboard. It mostly reflects the public-facing UI, but there may be subtle differences due to ongoing improvements to our product. We'll update this page if the Dashboard's layout or style changes significantly.

Accessing the menu

After you log in to the Ocrolus Dashboard, you can generate API credentials through the API Credentials tab in the Settings Center. You can also access this tab through the profile selector in the upper right corner of the Dashboard.


The API Credentials tab of the Ocrolus Dashboard. One active credential named "Test OAuth Credentials" is listed. Its Client ID is blurred to indicate that it should be considered sensitive information.


This part of the Dashboard is in beta, too!

The parts of the Ocrolus Dashboard shown in this guide are in beta. Some features from the generally-available Dashboard may not yet be available. You can return to the generally-available Dashboard at any time with the "Exit Beta" menu item, which can be found on every page in the beta Dashboard.

Creating Credentials

Select the Add OAuth 2.0 API Credentials button to generate a new credential. You will receive a random client ID and client secret. Give the credentials a name that makes sense to you.


Creating a new set of credentials for an application named My First Ocrolus Application. The client ID and secret are both blurred to indicate that these should be considered sensitive information. The Add Credentials button is disabled because the user has not yet used the provided Download JSON link.

You must download the provided credentials before saving them to your account, as for security reasons the client secret cannot be retrieved after you close this window.


Conveniently storing credentials

Password managers such as Bitwarden or LastPass are useful for storing API credentials (even for services unrelated to Ocrolus), but please be mindful of your organization's security policy.

Revoking and Deleting Credentials

To revoke a set of credentials, click the "Revoke Credentials" button. You cannot generate access tokens from revoked credentials.


Revoking a set of credentials named "Test OAuth Credentials."

Revoked credentials are available in your Dashboard in case you need to audit your credential history. You can completely delete credentials by checking the "Remove this Credential" option. You can go back and delete revoked credentials through the Dashboard at any time.


No turning back!

Revoked credentials cannot be reactivated, and deleted credentials cannot be recovered. Make sure that you're ready before doing so.

Rotating Credentials

We recommend rotating your credentials periodically, or if you suspect they've been compromised. You can do so as follows:

  1. Create a new credential as described in Creating Credentials.
  2. Confirm that the credential is valid by requesting an access token with it. See here for more information.
  3. Apply the new credential to the infrastructure that needs it.
  4. Revoke the old credential as described in Revoking and Deleting Credentials.