x-cpod-domain: credentials
Credentials
Stored credentials (API keys, OAuth tokens) for use by integrations and connectors.
Try in explorer
client.credentialsCredential
A stored credential — opaque secret material with metadata.
REST path
/api/v1/credentialsOperations
listgetcreaterevokeSDK
// list — returns only your records; add filters/search:
await client.credentials.credentials.list()
// create:
await client.credentials.credentials.create({
id: "rec_01HXEXAMPLE",
tenant_id: "example tenant_id",
created_at: "2026-01-01T00:00:00Z",
updated_at: "2026-01-01T00:00:00Z",
app_id: "example app_id",
created_by: "rec_01HXEXAMPLE",
})| Field | Type | Description |
|---|---|---|
| id* | uuid | Server-assigned ULID with type prefix (e.g. per_…). |
| tenant_id* | string | Tenant scope — auto-stamped from the caller's JWT. |
| app_id | string | App scope. Stamped ONLY when the caller's JWT was minted for a specific Application (integration API keys). Absent for human-user sessions. Filters reads when present. |
| created_at* | date-time | Server stamp. |
| updated_at* | date-time | Server stamp; updated on every patch. |
| created_by | uuid | Person id from the caller's JWT (sub). |
| updated_by | uuid | Person id from the last writer's JWT (sub). |
| source | string | Provenance tag — defaults to 'edm'. |
| source_type | enum | Where the write originated. Defaults to 'api'.frontendbackendserversystemapi |
| is_deleted | boolean | Soft-delete flag. Excluded from default list queries. |
| deleted_at | date-time | Stamped when soft-deleted; null otherwise. |
| deleted_by | uuid | Person id who soft-deleted; null otherwise. |
| schema_version | number | Document schema version. Bumped on incompatible writes. |
| label | string | — |
| scope | json | Free-form scope hints (e.g. {service: 'slack', tenant: '…'}). |
| secret | string | Returned once at create time; never re-emitted. |
| name | string | Human-readable label for this credential — required. |
| type | enum | Credential classification.api_keyservice_accountwebhook_tokenvirtual_llm |
| kind | enum | Canonical key classification.serviceuservirtual_llmwebhook_signing |
| description | string | Free-form description of the credential's purpose. |
| status | enum | Lifecycle state.activerevokedexpired |
| scopes | json | Permission scopes granted to this credential (e.g. edm:read). |
| issued_to_user_id | uuid | User this credential was issued to, if type=user. |
| issued_to_service | string | Service this credential was issued to, if type=service. |
| allowed_models | json | Allowlist of model identifiers for type=virtual_llm. |
| tpm_limit | integer | Tokens-per-minute rate limit. |
| rpm_limit | integer | Requests-per-minute rate limit. |
| max_budget_usd | number | Maximum spend cap in USD. |
| spend_usd | number | Cached spend counter in USD. |
| blocked | boolean | Whether this key is blocked from making requests. |
| blocked_reason | string | Reason the key was blocked. |
| rotated_from_key_id | uuid | ID of the key this was rotated from. |
| created_by_user_id | uuid | ID of the user who created this key. |
| prefix | string | First 8 chars of the raw key for UI display (alias of key_prefix). |
| key_hash | string | SHA-256 hash of the raw key; never returned after creation. |
| key_prefix | string | First chars of the raw secret, for UI display. |
| secret_fingerprint | string | HMAC-SHA256 fingerprint of the raw secret; raw secret never persisted. |
| expires_at | date-time | Expiry timestamp; omit for non-expiring credentials. |
| last_used_at | date-time | Timestamp of the last successful use. |
| tags | json | Free-form labels for grouping credentials. |