In accordance with standard security best practices for credential management, an API client secret is treated like a password. It is displayed only once at the time of its creation. After this initial display, the system does not store it in a retrievable plaintext format and it cannot be viewed again through the user interface. If the secret is lost, the analyst must revoke the existing API client credentials and generate a new client ID and secret pair. This "show-once" policy is a critical security measure to prevent the exposure of sensitive credentials.

A. Editing an API client allows for modification of its metadata or permissions (scopes), but for security reasons, it does not reveal the existing secret.

B. Displaying sensitive credentials like API secrets in a list view, even in an optional column, would be a significant security vulnerability and is not a feature in secure systems.

C. Re-creating an API client, even with an identical name, will generate a completely new and different client ID and secret, invalidating the old credentials. It does not retrieve the original secret.

1. CrowdStrike Falcon Documentation: In the section on API client and key management

the documentation explicitly states: "The client secret is only shown once. Make sure to copy it to a safe place." This confirms that the secret is not retrievable after the initial creation dialog is closed.

Source: CrowdStrike Falcon Platform Documentation

API Clients and Keys

Section: "Create an API client". (Accessed via official CrowdStrike support portal).

2. OAuth 2.0 Specification (RFC 6749): While not specific to CCFA 200

the underlying principle is standard. The specification treats client secrets as confidential credentials. Section 2.3.1 states

"The client secret is a confidential value... The authorization server and the client MUST take reasonable steps to keep it confidential." The "show-once" method is a primary mechanism for this.

Source: Internet Engineering Task Force (IETF)

RFC 6749

"The OAuth 2.0 Authorization Framework"

Section 2.3.1

October 2012. (https://doi.org/10.17487/RFC6749)