Create Credential
Endpoint
POST /apiops/projects/{projectName}/credentials/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
Request Body
Full JSON Body Example - Basic Credential
{
"email": "user@example.com",
"fullName": "John Doe",
"description": "API user credential",
"username": "api-user",
"password": "SecurePassword123!",
"roleNameList": [
"API_USER"
],
"enabled": true,
"ipList": [],
"expireDate": null
}
Full JSON Body Example - Credential with IP Restrictions
{
"email": "restricted@example.com",
"fullName": "Restricted User",
"description": "Credential with IP restrictions",
"username": "restricted-user",
"password": "SecurePassword123!",
"roleNameList": [
"API_USER",
"DEVELOPER"
],
"enabled": true,
"ipList": [
"192.168.1.100",
"10.0.0.0/8",
"172.16.0.0/12"
],
"expireDate": null
}
Full JSON Body Example - Credential with Expiration Date
{
"email": "temporary@example.com",
"fullName": "Temporary User",
"description": "Temporary credential with expiration",
"username": "temp-user",
"password": "SecurePassword123!",
"roleNameList": [
"API_USER"
],
"enabled": true,
"ipList": [],
"expireDate": "2024-12-31T23:59:59.000Z"
}
Full JSON Body Example - Disabled Credential
{
"email": "disabled@example.com",
"fullName": "Disabled User",
"description": "Disabled credential",
"username": "disabled-user",
"password": "SecurePassword123!",
"roleNameList": [
"API_USER"
],
"enabled": false,
"ipList": [],
"expireDate": null
}
Request Body Fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| string | Yes | - | Email address of the credential holder | |
| fullName | string | Yes | - | Full name of the credential holder |
| description | string | No | - | Description of the credential |
| username | string | Yes | - | Username (unique identifier, must be unique across all credentials) |
| password | string | Yes | - | Password for the credential |
| roleNameList | array[string] | No | [] | List of role names assigned to the credential |
| enabled | boolean | No | true | Whether the credential is enabled |
| ipList | array[string] | No | [] | List of allowed IP addresses/CIDR ranges |
| expireDate | string|null | No | null | Expiration date in ISO 8601 format (e.g., "2024-12-31T23:59:59.000Z") |
Notes
usernamemust be unique across all credentialspasswordmust not be emptyemailmust be a valid email address formatfullNamemust not be emptyroleNameListmust contain valid role names that exist in the systemipListcan contain individual IP addresses (e.g., "192.168.1.100") or CIDR ranges (e.g., "10.0.0.0/8")expireDateis in ISO 8601 format (UTC). Usenullfor no expirationenableddefaults totrueif not specified- Credential is automatically deployed to all environments in the project
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"message": "Deployment completed successfully",
"environmentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployed successfully"
},
{
"environmentName": "staging",
"success": true,
"message": "Deployed successfully"
}
]
}
}
Response Fields
| Field | Type | Description |
|---|---|---|
| success | boolean | Indicates if the request was successful |
| deploymentResult | object | Deployment result. See Deployment Result Object |
Deployment Result Object
| Field | Type | Description |
|---|---|---|
| success | boolean | Overall deployment success status |
| message | string | Deployment message |
| environmentResults | array[object] | Results per environment |
Environment Result Object
| Field | Type | Description |
|---|---|---|
| environmentName | string | Environment name |
| success | boolean | Deployment success status for this environment |
| message | string | Deployment message for this environment |
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "Credential username can not be empty!"
}
or
{
"error": "bad_request",
"error_description": "Credential password can not be empty!"
}
or
{
"error": "bad_request",
"error_description": "Credential full name can not be empty!"
}
or
{
"error": "bad_request",
"error_description": "Credential email can not be empty!"
}
or
{
"error": "bad_request",
"error_description": "There is already a credential has this name!"
}
Common Causes
- Missing required fields (
username,password,fullName,email) - Username already exists
- Invalid email format
- Invalid role names in
roleNameList - Invalid date format for
expireDate
Error Response (401 Unauthorized)
{
"error": "unauthorized_client",
"error_description": "Invalid token"
}
Error Response (404 Not Found)
{
"error": "not_found",
"error_description": "Project(MyProject) was not found or user does not have privilege to access it!"
}
cURL Example
Example 1: Create Basic Credential
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"fullName": "John Doe",
"description": "API user credential",
"username": "api-user",
"password": "SecurePassword123!",
"roleNameList": [
"API_USER"
],
"enabled": true,
"ipList": [],
"expireDate": null
}'
Example 2: Create Credential with IP Restrictions
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "restricted@example.com",
"fullName": "Restricted User",
"username": "restricted-user",
"password": "SecurePassword123!",
"roleNameList": [
"API_USER"
],
"enabled": true,
"ipList": [
"192.168.1.100",
"10.0.0.0/8"
],
"expireDate": null
}'
Example 3: Create Credential with Expiration
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/credentials/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"email": "temporary@example.com",
"fullName": "Temporary User",
"username": "temp-user",
"password": "SecurePassword123!",
"roleNameList": [
"API_USER"
],
"enabled": true,
"ipList": [],
"expireDate": "2024-12-31T23:59:59.000Z"
}'
Notes and Warnings
-
Username Uniqueness:
- Username must be unique across all credentials
- If username already exists, creation will fail
-
Password Requirements:
- Password must not be empty
- Use strong passwords for security
- Passwords are stored securely (hashed)
-
Email Validation:
- Email must be provided and not empty
- Email format should be valid
-
Full Name:
- Full name must be provided and not empty
- Used for identification purposes
-
Role Names:
- Role names must exist in the system
- Invalid role names will cause validation errors
- Empty role list is allowed (no roles assigned)
-
IP Restrictions:
- IP list can contain individual IPs or CIDR ranges
- Empty IP list means no IP restrictions
- Invalid IP formats may cause errors
-
Expiration Date:
- Use ISO 8601 format (UTC): "YYYY-MM-DDTHH:mm:ss.sssZ"
- Use
nullfor no expiration - Expired credentials cannot be used for authentication
-
Enabled Status:
- Defaults to
trueif not specified - Disabled credentials cannot be used for authentication
- Defaults to
-
Automatic Deployment:
- Credential is automatically deployed to all environments
- Deployment results are returned in the response
- Failed deployments are included in
environmentResults
Permissions
- User must have
IDENTITY+MANAGEpermission in the project - For automatic deployment, user must also have
IDENTITY+DEPLOY_UNDEPLOYpermission
Related Documentation
- List Credentials - List all credentials
- Update Credential - Update a credential
- Change Credential Password - Change credential password
- Grant Access - Grant access to API Proxy or Group