Query: best practice to share client-id and client-secret key

What is the best practice to share client-id and client-secret key with the client for client-credential flow?

Leveraging Kong as a gateway solution on our end is still very new. We currently pass around creds with secure emails and give them to SLOs (Service Level Owners) to distribute to those around them that need the credentials to test and program against. We are working on a better programmatic way with a CLI resource-driven interface in the future, where people will not have to impact us to get their credentials or view them, and to drop the whole email gig :) .

If you want my Amazing Template, it goes something like this (for, say, OAuth2.0 Client Credentials):

Hello ____,
I am with the Gateway team and have your credentials for proxy access ready!

Your credentials are as follows for Non-Prod:
{
client_id : …
client_secret : …
consumer_id : …
}

Your credentials are as follows for Prod:
{
client_id : …
client_secret : …
consumer_id : …
}

Then include important links about what the OAuth2.0 flow looks like and direct them to your gateway's documentation and specific OAuth2.0 URLs.

Pretty nifty eh ;) ?

Thanks for your reply. We just launched our API gateway without a proper UI for clients to self-manage their application access. As of now we are sharing client credentials via email, with a link for one-time access only.