Summary
We have enhanced OAuth security by updating the length of OAuth client secrets.
What’s changing?
We have made changes to the number of characters used for OAuth client secrets. Client secrets were previously 43 characters in length. Following this change, new or updated client secrets are now 60 characters in length.
Existing client secrets are unaffected by this change.
Why does this matter?
This change has been implemented for increased security and to assist with identification of client secrets stored insecurely on public repositories.
This change has already been implemented (Mar 2026). This announcement is being made to alert any customers that create or update client secrets using automated systems, to ensure that these systems can handle the longer client secret, before updating existing client secrets.
Effective Date
Effective Immediately
Customer Impact
What do you need to do?
If you use any automation processes which assume a specific or max character length for OAuth client secrets, you will need to update these processes to allow for the longer client secret length. Following this change, client secrets are now 60 characters in length.
Note: This change only applies to newly created clients or when the client secret is updated. Existing client secrets are unaffected. You do not need to update your current client secrets. However, doing so will ensure that any client secrets that are stored insecurely on public repositories can be more easily flagged for remediation.
Note: This change was previously announced via https://community.genesys.com/discussion/update-oauth-client-secret-length-change-effective-27-april-2026. However, the previous announcement contained numerous errors, so it has been cancelled and replaced by this announcement.
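One way to find automation that assumes a specific or maximum client secret length before rotating a secret, as an added example that is not Genesys code: a small scanner that flags lines mentioning a secret together with a length limit below 60. The pattern list, the function name and the sample lines are assumptions constructed for illustration.

```python
import re

NEW_LEN = 60  # length of new or updated client secrets, per the announcement

# Assumed, non-exhaustive ways automation pins the length of a secret.
LENGTH_PATTERNS = {
    "sql column width": re.compile(r"\b(?:VAR)?CHAR\s*\(\s*(\d+)\s*\)", re.I),
    "regex quantifier": re.compile(r"\{(?:\d+,)?(\d+)\}"),
    "schema max length": re.compile(r"\bmax_?len(?:gth)?\b\W+(\d+)", re.I),
    "len() comparison": re.compile(r"len\([^)]*\)\s*(?:==|!=|<=|>=|<|>)\s*(\d+)"),
}


def find_length_assumptions(lines, keyword="secret"):
    """Return (line_no, kind, limit) for each line that mentions `keyword`
    and pins a length below NEW_LEN, meaning a 60-character secret would
    be truncated or rejected by that code, schema or column."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        if keyword not in line.lower():
            continue
        for kind, pattern in LENGTH_PATTERNS.items():
            for match in pattern.finditer(line):
                limit = int(match.group(1))
                if limit < NEW_LEN:
                    findings.append((line_no, kind, limit))
    return findings


# Constructed sample: fragments of a hypothetical automation code base.
SAMPLE = [
    'client_secret VARCHAR(43) NOT NULL,',
    'SECRET_RE = re.compile(r"^[A-Za-z0-9_-]{43}$")  # client secret',
    '"clientSecret": {"type": "string", "maxLength": 43}',
    'if len(client_secret) != 43: raise ValueError("bad secret")',
    'client_secret VARCHAR(128) NOT NULL,',
    'client_name VARCHAR(40) NOT NULL,',
]

if __name__ == "__main__":
    for line_no, kind, limit in find_length_assumptions(SAMPLE):
        print(f"line {line_no}: {kind} limited to {limit} (< {NEW_LEN})")
```

Because existing secrets stay at 43 characters, a fix should raise or remove the limit rather than pin it to exactly 60.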
Impacted Resources
GET /api/v2/oauth/clients
PUT or GET /api/v2/oauth/clients/{clientId}
POST /api/v2/oauth/clients/{clientId}/secret
Issue References
IAM-4113
Contacts
@David Murray
Please reply to this announcement with any questions. This helps the wider developer community benefit from the discussion. We encourage you to use this thread before contacting the designated person directly. Thank you for your understanding.