Rotate Access Code
POST
/web/v1/workspaces/{workspaceId}/institutions/{institutionBizId}/portals/portal-types/{portalType}/access-code/rotate
WEB
Rotates the access code for the specified portal type. A new code is generated while the old code remains valid during a transition period.
Required Headers
| Header | Example Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Accept | application/json | Expected response type |
| X-Client-Hash | | Client device fingerprint |
| Accept-Language | en, zh, zh-Hant, ja, vi | Response language (default: en) |
| Authorization | Bearer | JWT access token |
Request Parameters
Path Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
| workspaceId | string | Required | path | Workspace business ID |
| institutionBizId | string | Required | path | Institution business ID |
| portalType | integer | Required | path | Portal type code (e.g., 10010101=system, 10010102=tenant) |
Success Response
Success 200
{
  "code": "2000",
  "message": "SUCCESS",
  "data": {
    "accessCode": "pac_xxxx5678efgh",
    "institutionBizId": "inst_abc123",
    "portalType": 10010102,
    "expiresAt": "2026-06-21T00:00:00Z",
    "rotatingCode": "pac_xxxx1234abcd",
    "rotatingCodeExpiresAt": "2026-03-28T00:00:00Z"
  }
}
Error Responses
| Code | Description |
|---|---|
| 4010 | Unauthorized (invalid or missing JWT token) |
| 4040 | Portal or access code not found |
Notes
- During rotation, both the new primary code and the old rotating code are valid.
- The rotatingCode will expire at rotatingCodeExpiresAt, after which only the new primary code is valid.
- This enables zero-downtime access code rotation for clients.
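The dual-validity window from the notes above, modeled as an added example (not the API's own code) that checks a presented code against the `data` object of a rotation response. The function names are hypothetical, and it assumes `expiresAt` is the primary code's expiry and that a code stops being valid at the exact expiry instant.

```python
import hmac
from datetime import datetime, timezone

# Constructed sample: the "data" object from the success response above.
SAMPLE_DATA = {
    "accessCode": "pac_xxxx5678efgh",
    "institutionBizId": "inst_abc123",
    "portalType": 10010102,
    "expiresAt": "2026-06-21T00:00:00Z",
    "rotatingCode": "pac_xxxx1234abcd",
    "rotatingCodeExpiresAt": "2026-03-28T00:00:00Z",
}

def _parse_ts(value):
    """Parse a UTC timestamp in the response format, e.g. 2026-03-28T00:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _matches(presented, stored):
    # Constant-time comparison so timing does not reveal how much of a code matched.
    return hmac.compare_digest(presented.encode(), stored.encode())

def classify_code(presented, data, now):
    """Return 'primary', 'rotating', or None for a presented access code.

    Assumption: a code is rejected from the expiry instant onward.
    """
    result = None
    candidates = (
        ("primary", data.get("accessCode"), data.get("expiresAt")),
        ("rotating", data.get("rotatingCode"), data.get("rotatingCodeExpiresAt")),
    )
    for label, code, expiry in candidates:
        if not code or not expiry:
            continue  # field absent, e.g. no rotation in progress
        # Check every candidate; do not return early on the first match.
        if _matches(presented, code) and now < _parse_ts(expiry):
            result = result or label
    return result
```

Logging the returned label on each successful check shows which clients still present the old code before `rotatingCodeExpiresAt` passes.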