GetAppCredentialsResponse
Response from GET /applications/1.0/{appId}/credentials. The credential
fields are wrapped under productionCredentials so a future sandboxCredentials
sibling envelope can be added without breaking this response.
clientSecret is intentionally absent: Cognito does not allow reading the
secret back after creation. It is surfaced exactly once on the
POST /applications/1.0/drafts response; if you did not save it then,
contact TimeBack support.
The clientId is stable across draft→active promotion: developers do NOT
need to rotate credentials when their App is approved. Scopes expand on
promotion; client identity does not.
- applicationType: string Format: uuid
Id requiredUnique identifier of the App whose credentials are returned.
- appType: string · AppUrn
Urn Pattern: ^urn:uuid:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$requiredCanonical URN identifying your registered application.
Format:
urn:uuid:{applicationId}(RFC 4122). Use this value as CaliperedApp.idwhen emitting events from your app. - productionType: object · ProductionCredentials
Credentials requiredOAuth credentials for the App on the production Cognito user pool. The same client is used in both draft and active App states — scopes expand on promotion but
clientId,tokenUrl, and shape do not change. A futuresandboxCredentialssibling envelope will carry sandbox-pool credentials when the sandbox Cognito pool exists.- clientType: string
Id requiredOAuth client ID for authenticating your application (client credentials flow). Stable across draft→active promotion.
- scopesType: array string[]required
OAuth scopes currently authorized on this client. Expands on promotion; today's list reflects the draft scope only.
- tokenType: string Format: uri
Url requiredCognito token endpoint. POST
client_id+client_secrethere withgrant_type=client_credentialsto mint an access token.
- sandboxType: object · SandboxCredentialsnullable
Credentials requiredSandbox-pool credentials (no secret). Null when the App is sandbox-pending.
Sandbox OAuth credentials for the App on the sandbox Cognito user pool (
sandbox.platform.timeback.com). No secret is returned; the sandbox secret is surfaced exactly once on thePOST /applications/1.0/draftsresponse.- clientType: string
Id requiredSandbox-pool OAuth client ID (client credentials flow).
- scopesType: array string[]required
Sandbox-tier OAuth scopes authorized on this client.
- tokenType: string Format: uri
Url requiredSandbox Cognito token endpoint.
