calcom · mintlify · Apr 2, 2026
diff --git a/apps-and-integrations/oauth.mdx b/apps-and-integrations/oauth.mdx
@@ -14,6 +14,26 @@ Only the cal.com team can create new OAuth clients. Please fill out [this form](
 
 The Cal.com team will register the app and provide you with the Client ID and Client Secret. Keep these credentials confidential and secure.
 
+### Rotating client secrets
+
+You can rotate your OAuth client secret without downtime. Cal.com supports up to two active secrets per client at the same time, so you can transition gracefully.
+
+<Steps>
+  <Step title="Generate a new secret">
+    In your Cal.com dashboard, go to your OAuth client settings and create a new secret. Both your old and new secrets are now valid.
+  </Step>
+  <Step title="Update your application">
+    Replace the old `client_secret` value in your application with the new one. Verify that token exchanges and refreshes work with the new secret.
+  </Step>
+  <Step title="Delete the old secret">
+    Once your application is using the new secret, delete the old one from your OAuth client settings.
+  </Step>
+</Steps>
+
+<Warning>
+  You cannot delete your last remaining secret. Confidential OAuth clients must always have at least one active secret.
+</Warning>
+
 ### Authorization URL
 
 To initiate the OAuth flow, direct users to the following authorization URL: