KB Article #180577

Reusing API key IDs, OAuth client IDs or external client IDs results in 409 conflict error - resource already exists

Problem

Trying to reuse API key IDs, OAuth client IDs or external client IDs results in a 409 conflict error saying "resource already exists."

Resolution

There is a new requirement that all of these values be unique in 7.5.3 SP11+ (RDAPI-16162), 7.6.2 SP4+ (RDAPI-16477), and 7.7 SP1+ (RDAPI-16478) due to bug fixes in the API client cache. Duplication of these values on prior versions should also be avoided, due to issues that will cause with the API client cache. If this duplication was being done to make sure that a custom inbound security policy checks that the credentials are owned by an application with access to the API, this can instead be done inside the custom security policy by using Read API Access and related filters.


Update. As of 7.7.Sep20 and later, via RDAPI-18431 this limitation was removed. From the release note: "Resolution: External Client IDs can be the same as API Keys and OAuth Client IDs." That wording implies that there may still be a limitation on using the same OAuth client ID as an API Key (not tested).