As part of our ongoing commitment to security, reliability, and modern API standards, we are migrating all external API authentication to a new service provider in March 2026.
This change will require all existing API clients to update their integrations to authorize their access. New API credentials will also be issued.
This update also affects the valdr R package. Users will be required to refresh their API credentials to prevent authentication errors.
These updates are mandatory and will result in authentication failures if not implemented prior to the cutover.
What's changing?
New API credentials
All existing API clients will receive new clientId and clientSecret credentials. The key contact* from your organization will receive your new credentials ahead of time. If you do not receive them, please contact support@vald.com.
Your current credentials will no longer function after the cutover.
* Your key contact(s) can be nominated through the email you received with the subject 'Important: VALD APIs – Breaking Changes – March 2026'. If no key contact is nominated, credentials will be sent to your primary administrator.
New access token URL
The authentication endpoint will change as part of our transition to the new provider.
New OAuth Token URL
https://auth.prd.vald.com/oauth/tokenDeprecated authentication URL
https://security.valdperformance.com/connect/tokenYou must update your integration to use the new OAuth token URL before the migration date.
Required actions
API integrators
1. Let us know who should receive your new credentials
For security purposes, your new credentials will only be shared with relevant members of your organization. You will be asked to provide relevant contact details and your VALD organization ID before our support team can send you new API credentials via email.
2. Update the token URL
Point your OAuth token request to the new OAuth token URL (listed above).
3. Update your credentials
Replace your current clientId and clientSecret with the new credentials provided by our support team.
4. Request access tokens
When requesting access tokens, you now must add a new parameter to your request:
audience = "vald-api-external"Note that you no longer need to specify the scope parameter in your request; scope will not be provided in the response either.
See our APIs how-to guide for more examples.
5. Cache access tokens
To send and/or retrieve data from VALD, you must request an access token which is valid for several hours. This is done through a server-side API call to VALD's Identity Server – the exact token expiry will be provided in the response.
You should cache and reuse your access token until it expires before requesting a new one. Refer to our APIs how-to guide for more information and best practices regarding access tokens.
6. Review your error handling
We recommend ensuring your integration can gracefully handle authentication errors, such as:
401 Unauthorized429 Too Many Requestsinvalid_client
valdr users
1. Update valdr R package
Install valdr package version 2.2.0 before the cutover. Any prior version will result in authentication failures after the cutover. See 'Step 1: Install the valdr package' in the valdr how-to guide for installation instructions.
2. Update your credentials
Replace your current clientId and clientSecret with the new credentials provided by our support team. Use the set_credentials() function in your RStudio console as stipulated by 'Step 3: Set your credentials' in the valdr how-to guide.
Contact support
Have questions or need some help getting prepared for the update? Please reach out to the VALD support team, including in your communications relevant contact details and your VALD organization ID.
Comments
0 comments
Please sign in to leave a comment.