Use the SDK secrets endpoints to manage SDK secrets for your apps. You can revoke outdated secrets, revoke specific secrets, ensure that a secret is active, and update the scope of a v3 secret.
Revoke outdated secrets
Revoke all SDK secrets that are older than a specified version. This is useful for cleaning up old secrets after migrating to a newer SDK signature version.
API protocol
Endpoint: https://automate.adjust.com/app-automation/app/{app_token}/secrets/revoke_outdated
Method: POST
Request body: Revoke Outdated Request
Response: Revoke Outdated Response
Parameters
| Parameter | Data type | In | Required | Description |
|---|---|---|---|---|
app_token | String | Path | Yes | The Adjust app token. |
min_active_version | Integer | Body | No | Minimum version to keep active. Secrets older than this version are revoked. Default: 3. |
force | Boolean | Body | No | Set to true to revoke secrets even if it would leave no active secrets. Default: false. |
Behavior
- Secrets with a version less than
min_active_versionare revoked. - If revoking would result in no active secrets remaining, the operation fails unless
force: trueis set. - The default
min_active_versionof3means v1 and v2 secrets are revoked, keeping only v3 secrets active.
Example
Revoke all secrets older than v3
curl --location 'https://automate.adjust.com/app-automation/app/abc123xyz/secrets/revoke_outdated' \--header 'Authorization: Bearer {your-adjust-api-token}' \--header 'Content-Type: application/json' \--data '{ "min_active_version": 3}'{ "combined_secrets": { "enforce_install_signing": true, "secrets": [ { "id": 1001, "name": "Legacy Secret", "active": false, "value": ["secret1", "secret2", "info1", "info2"], "internal_version": 3, "version": 2, "created_at": "2023-01-15T10:30:00Z", "updated_at": "2024-06-15T14:00:00Z" }, { "id": 2001, "platform": "android", "label": "Android SDK Secret", "active": true, "scope": "all-traffic", "algorithm": "adj1", "internal_version": "3.47.0", "version": 3, "created_at": "2024-06-01T12:00:00Z", "updated_at": "2024-06-01T12:00:00Z" } ] }, "revoked": 1}Force revoke even with no remaining active secrets
curl --location 'https://automate.adjust.com/app-automation/app/abc123xyz/secrets/revoke_outdated' \--header 'Authorization: Bearer {your-adjust-api-token}' \--header 'Content-Type: application/json' \--data '{ "min_active_version": 3, "force": true}'Revoke a specific secret
Revoke a specific SDK secret by its ID. This deactivates the secret immediately.
API protocol
Endpoint: https://automate.adjust.com/app-automation/app/{app_token}/secrets/{secret_id}/revoke
Method: POST
Response: HTTP 202 Accepted on success
Parameters
| Parameter | Data type | In | Required | Description |
|---|---|---|---|---|
app_token | String | Path | Yes | The Adjust app token. |
secret_id | Integer | Path | Yes | The ID of the secret to revoke. |
Example
curl --location --request POST 'https://automate.adjust.com/app-automation/app/abc123xyz/secrets/1001/revoke' \--header 'Authorization: Bearer {your-adjust-api-token}'HTTP/1.1 202 AcceptedReactivate or update a secret
Use this endpoint to ensure a secret is active. For v3 secrets, you can also update the traffic scope.
API protocol
Endpoint: https://automate.adjust.com/app-automation/app/{app_token}/secrets/{secret_id}/reactivate
Method: POST
Request body: Reactivate Secret Request
Response: HTTP 202 Accepted on success
Parameters
| Parameter | Data type | In | Required | Description |
|---|---|---|---|---|
app_token | String | Path | Yes | The Adjust app token. |
secret_id | Integer | Path | Yes | The ID of the secret. |
scope | String | Body | No | Secret traffic scope for v3 secrets. One of: all-traffic, post-install. |
Behavior
- For legacy secrets, the endpoint can only reactivate a revoked secret.
scopeis not supported. - For v3 secrets, you can optionally pass
scopeto update the secret’s traffic scope. - For v3 secrets,
scopecan be used to switch betweenall-trafficandpost-install, even when the secret is already active. - When
scopeis provided for a v3 secret, the API ensures the secret is active and then applies the requested scope.
Example
curl --location --request POST 'https://automate.adjust.com/app-automation/app/abc123xyz/secrets/1001/reactivate' \--header 'Authorization: Bearer {your-adjust-api-token}' \--header 'Content-Type: application/json' \--data '{ "scope": "post-install"}'HTTP/1.1 202 AcceptedViewing all secrets
To view all SDK secrets for an app, use the App Settings endpoint with the combined_secrets section:
curl --location 'https://automate.adjust.com/app-automation/app/abc123xyz/settings?sections=combined_secrets' \--header 'Authorization: Bearer {your-adjust-api-token}'{ "combined_secrets": { "enforce_install_signing": true, "secrets": [ { "id": 1001, "name": "Legacy Secret v2", "active": true, "value": ["secret1", "secret2", "info1", "info2"], "internal_version": 3, "version": 2, "created_at": "2023-01-15T10:30:00Z", "updated_at": "2023-01-15T10:30:00Z" }, { "id": 2001, "platform": "android", "label": "Android SDK Secret", "active": true, "scope": "post-install", "algorithm": "adj1", "internal_version": "3.47.0", "version": 3, "created_at": "2024-06-01T12:00:00Z", "updated_at": "2024-06-01T12:00:00Z" }, { "id": 2002, "platform": "ios", "label": "iOS SDK Secret", "active": true, "scope": "all-traffic", "algorithm": "adj1", "internal_version": "3.47.0", "version": 3, "created_at": "2024-06-01T12:00:00Z", "updated_at": "2024-06-01T12:00:00Z" } ] }}Data models
Revoke Outdated Request
| Parameter | Data type | Description |
|---|---|---|
min_active_version | Integer | Minimum version to keep active. Secrets older than this are revoked. Default: 3. |
force | Boolean | Revoke secrets even if no active secrets would remain. Default: false. |
Revoke Outdated Response
| Parameter | Data type | Description |
|---|---|---|
combined_secrets* | Object | Updated secrets state after revocation. |
revoked* | Integer | Number of secrets that were revoked. |
Reactivate Secret Request
| Parameter | Data type | Description |
|---|---|---|
scope | String | Secret traffic scope for v3 secrets. One of: all-traffic, post-install. |
Combined Secrets
| Parameter | Data type | Description |
|---|---|---|
enforce_install_signing* | Boolean | Whether to reject unsigned installs. |
secrets* | Array[Object] | List of all SDK secrets including the legacy one. |
Legacy Secret
| Parameter | Data type | Description |
|---|---|---|
id* | Integer | Secret ID. |
name | String | Secret name/label. |
active* | Boolean | Whether the secret is active. |
value* | Array[String] | Secret values (4 elements). |
internal_version* | Integer | SDK Signature library version. |
version* | Integer | SDK secret version (1 or 2). |
created_at* | String | ISO datetime when the secret was created. |
updated_at* | String | ISO datetime when the secret was last updated. |
SDK Secret
| Parameter | Data type | Description |
|---|---|---|
id* | Integer | Secret ID. |
platform* | String | Target platform (android or ios). |
label* | String | Human-readable label for the secret. |
active* | Boolean | Whether the secret is active. |
scope | String | Active traffic scope for v3 secrets. One of: all-traffic, post-install. |
algorithm* | String | Signature algorithm used. |
internal_version* | String | SDK Signature library version. |
version* | Integer | SDK secret version (3 or higher). |
created_at* | String | ISO datetime when the secret was created. |
updated_at* | String | ISO datetime when the secret was last updated. |