View categories

Categories

Heroku Architecture
- Compute (Dynos)
  - Dyno Management
  - Dyno Concepts
  - Dyno Behavior
  - Dyno Reference
  - Dyno Troubleshooting
- Stacks (operating system images)
- Networking & DNS
- Platform Policies
- Platform Principles

Command Line

Deployment
- Deploying with Git
- Deploying with Docker
- Deployment Integrations

Continuous Delivery & Integration
- Continuous Integration

Language Support
- Node.js
  - Troubleshooting Node.js Apps
  - Working with Node.js
  - Node.js Behavior in Heroku
- Ruby
  - Rails Support
  - Working with Bundler
  - Working with Ruby
  - Ruby Behavior in Heroku
  - Troubleshooting Ruby Apps
- Python
  - Working with Python
  - Background Jobs in Python
  - Python Behavior in Heroku
  - Working with Django
- Java
  - Java Behavior in Heroku
  - Working with Java
  - Working with Maven
  - Working with Spring Boot
  - Troubleshooting Java Apps
- PHP
  - PHP Behavior in Heroku
  - Working with PHP
- Go
  - Go Dependency Management
- Scala
- Clojure
- .NET

Databases & Data Management
- Heroku Postgres
  - Postgres Basics
  - Postgres Getting Started
  - Postgres Performance
  - Postgres Data Transfer & Preservation
  - Postgres Availability
  - Postgres Special Topics
- Heroku Key-Value Store
- Apache Kafka on Heroku
- Other Data Stores

Monitoring & Metrics
- Logging

App Performance

Add-ons
- All Add-ons

Collaboration

Security
- App Security
- Identities & Authentication
  - Single Sign-on (SSO)
- Private Spaces
  - Infrastructure Networking
- Compliance

Heroku Enterprise
- Enterprise Accounts
- Enterprise Teams
- Heroku Connect (Salesforce sync)
  - Heroku Connect Administration
  - Heroku Connect Reference
  - Heroku Connect Troubleshooting

Patterns & Best Practices

Extending Heroku
- Platform API
- App Webhooks
- Heroku Labs
- Building Add-ons
  - Add-on Development Tasks
  - Add-on APIs
  - Add-on Guidelines & Requirements
- Building CLI Plugins
- Developing Buildpacks
- Dev Center

Accounts & Billing

Troubleshooting & Support

Integrating with Salesforce

Implementing Credential Rotations as an Add-on Partner

Last updated February 18, 2025

Table of Contents

V3 Add-on Partner API integrations
Notes

Add-on Partners can rotate the credentials associated with an add-on instance at will via the V3 Partner Integration APIs.

Some partners have implemented customer-spawned credential rotation features via their SSO add-on dashboard. Other partners rotate credentials automatically in the background at regular intervals - for instance, every 90 days.

V3 Add-on Partner API integrations

You can find the API version your add-on is using in the Partner Portal under Settings -> Provisioning API.

You can use the Platform API for Partners to update config vars.

Notes

Credentials rotations will cause a new release (and subsequent dyno restart) on:

The app that owns the add-on instance and
All apps that are attached to the add-on instance.

This is normally transparent to Heroku customers.

You should ensure the old credentials work while the release and dyno restart process completes, otherwise your customers may submit requests to your service with invalid keys. You should wait an hour or two before removing the old credentials, as dynos in private spaces can take longer to restart than those in the common runtime.

Keep reading

Add-on Development Tasks

Feedback

Log in to submit feedback.

Writing to Application Logs as an Add-on Partner Implementing Roles for Heroku Users in Add-on SSO Dashboards