Skip to main content
GOV.UK
Menu
HMRC Developer Hub
  • Documentation
  • Applications
  • Support
  • Service availability

GOV.UK uses cookies to make the site simpler. Find out more about cookies

  1. Home
  2. Authorisation
  3. Credentials
  • Register
  • Sign in
  • Using the Developer Hub
  • API documentation
  • Reference guide
  • Development practices
  • Send fraud prevention data
  • Authorisation
  • Tutorials
  • Testing in the sandbox
  • Terms of use
  • Making Tax Digital guides
 

Authorisation

On this page

  • Introduction
  • Credentials
  • Open access endpoints
  • Application-restricted endpoints
  • User-restricted endpoints
  • 2-step verification

Credentials

Your credentials are your client ID and your client secret.

Credentials are used:

  • to identify and authorise your application during each step of an OAuth 2.0 journey
  • when you test your application with sandbox APIs

Client ID

Your client ID is a unique identifier we create when you add your application to the Developer Hub.

Client secrets

Client secrets are unique passphrases that you generate to authorise your application. They are known only to your application and the authorising server.

The client secret is the equivalent of a password and should not be stored in plain text. Only store an encrypted version of the client secret to reduce the chance of it being compromised.

Rotate your client secret regularly

Rotate your application’s client secret to shorten the period an access key is active, reducing the impact to your business if it is compromised.

To rotate your client secret:

  1. Generate a new client secret, in addition to the one used by your application
  2. Update your application to use the new client secret
  3. Check that your application is working with the new client secret
  4. Delete the inactive client secret

You can have up to 5 client secrets at any time.

  • Previous : Introduction
  • Next : Open access endpoints
Is this page not working properly? Is this page not working properly?
  • Cookies
  • Privacy policy
  • Terms and conditions
  • Help using GOV.UK
  • Accessibility statement

Open Government Licence

All content is available under the Open Government Licence v3.0, except where otherwise stated

© Crown Copyright