API ReferenceCore API
Credentials API
Create and manage proxy and target credentials programmatically
Credentials API
Create and manage proxy and target credentials programmatically.
Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/clients/{clientId}/credentials | List all credentials |
| POST | /api/clients/{clientId}/credentials | Create a credential |
| GET | /api/clients/{clientId}/credentials/{credentialId} | Get credential details |
| PUT | /api/clients/{clientId}/credentials/{credentialId} | Update credential |
| DELETE | /api/clients/{clientId}/credentials/{credentialId} | Delete credential |
Credentials are encrypted at rest using AES-256-GCM encryption and stored regionally based on the credentialRegion parameter.
Credential Types
- proxy: Used by your application to authenticate with RequestRocket
- target: Used by RequestRocket to authenticate with target APIs
Auth Types
| Type | Available For | Description |
|---|---|---|
apiKey | Proxy, Target | API Key authentication |
bearer | Proxy, Target | Bearer token authentication |
jwt | Proxy, Target | JWT token authentication |
basicAuth | Proxy, Target | Basic authentication (username/password) |
oauth2 | Target only | OAuth2 authentication (authorization_code, client_credentials, PKCE) |
customToken | Target only | Custom token fetching via HTTP request |
custom | Target only | Custom authentication headers |
none | Target only | No authentication |
jwtVerify | Proxy only | Cryptographic JWT verification via JWKS endpoint or shared secret (SPIFFE/SPIRE, Auth0, Okta, Cognito) |
List Credentials
Get all credentials for a client. By default, temporary OAuth2 credentials (pending authorization) are excluded.
Request
GET /api/clients/{clientId}/credentials?includeTemporary=false HTTP/1.1
Host: api.requestrocket.com
Authorization: {user_token}Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
includeTemporary | boolean | No | Include temporary OAuth2 credentials awaiting authorization (default: false) |
Response
{
"credentials": [
{
"pKey": "550e8400-e29b-41d4-a716-446655440000",
"sKey": "cred_123e4567",
"credentialType": "proxy",
"credentialAuthType": "apiKey",
"credentialName": "Production API Key",
"credentialRegion": "us-east-1",
"credentialDefaultRuleEffect": "allow",
"credentialCreatedAt": "2024-01-15T10:30:00.000Z",
"credentialUpdatedAt": "2024-01-20T14:22:00.000Z",
"userId": "123e4567-e89b-12d3-a456-426614174000",
"clientId": "550e8400-e29b-41d4-a716-446655440000",
"parentId": "550e8400-e29b-41d4-a716-446655440000",
}
],
"message": "Success"
}Credential secrets are returned without a credentialSecret in the response for security purposes.
Example
const response = await fetch(
`https://api.requestrocket.com/api/clients/${clientId}/credentials?includeTemporary=false`,
{
headers: {
'Authorization': process.env.USER_TOKEN
}
}
);
const data = await response.json();
console.log('Credentials:', data.credentials);import requests
import os
client_id = "your-client-id"
response = requests.get(
f'https://api.requestrocket.com/api/clients/{client_id}/credentials',
headers={'Authorization': os.getenv('USER_TOKEN')},
params={'includeTemporary': False}
)
data = response.json()
print(f"Found {len(data['credentials'])} credentials")package main
import (
"encoding/json"
"fmt"
"io"
"net/http"
"os"
)
type Response struct {
Credentials []map[string]interface{} `json:"credentials"`
Message string `json:"message"`
}
func main() {
clientId := "your-client-id"
url := fmt.Sprintf("https://api.requestrocket.com/api/clients/%s/credentials?includeTemporary=false", clientId)
req, _ := http.NewRequest("GET", url, nil)
req.Header.Set("Authorization", os.Getenv("USER_TOKEN"))
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
var result Response
json.Unmarshal(body, &result)
fmt.Printf("Credentials: %v\n", result.Credentials)
}import java.net.http.*;
import java.net.URI;
import com.google.gson.*;
public class ListCredentials {
public static void main(String[] args) throws Exception {
String clientId = "your-client-id";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.requestrocket.com/api/clients/" + clientId + "/credentials?includeTemporary=false"))
.header("Authorization", System.getenv("USER_TOKEN"))
.GET()
.build();
HttpResponse<String> response = client.send(request,
HttpResponse.BodyHandlers.ofString());
JsonObject json = JsonParser.parseString(response.body()).getAsJsonObject();
JsonArray credentials = json.getAsJsonArray("credentials");
System.out.println("Found " + credentials.size() + " credentials");
}
}curl -X GET "https://api.requestrocket.com/api/clients/${CLIENT_ID}/credentials?includeTemporary=false" \
-H "Authorization: ${USER_TOKEN}"Create Credential
Create a new credential.
Request
POST /clients/{clientId}/credentials HTTP/1.1
Content-Type: application/json
{
"credentialName": "My API Key",
"credentialType": "proxy",
"authType": "apiKey",
"region": "us-east-1",
"singleUse": false,
"secret": {
"keyName": "X-API-Key",
"keyValue": "secret-key-value"
}
}Request Body
| Field | Type | Required | Description |
|---|---|---|---|
credentialName | string | Yes | Name for the credential |
credentialType | string | Yes | proxy or target |
authType | string | Yes | Authentication type |
region | string | Yes | AWS region |
singleUse | boolean | No | Delete after first use (default: false) |
secret | object | Yes | Authentication details (varies by authType) |
Secret Formats
{
"secret": {
"keyName": "X-API-Key",
"keyValue": "your-api-key"
}
}{
"secret": {
"token": "your-bearer-token"
}
}{
"secret": {
"username": "user",
"password": "pass"
}
}{
"secret": {
"token": "your-jwt-token"
}
}{
"secret": {
"algorithms": ["RS256"],
"issuer": "spiffe://acmecorp.com",
"audience": "https://global.requestrocket.net",
"subject": "spiffe://acmecorp.com/agents/billing-processor",
"jwksUri": "https://spire.acmecorp.com/bundle",
"clockSkewSeconds": 30,
"failPolicy": "fail-closed"
}
}Response
{
"credentials": [
{
"pKey": "550e8400-e29b-41d4-a716-446655440000",
"sKey": "cred_123e4567",
"credentialType": "proxy",
"credentialAuthType": "apiKey",
"credentialName": "Production API Key",
"credentialRegion": "us-east-1",
"credentialDefaultRuleEffect": "allow",
"credentialCreatedAt": "2024-01-15T10:30:00.000Z",
"credentialUpdatedAt": "2024-01-20T14:22:00.000Z",
"userId": "123e4567-e89b-12d3-a456-426614174000",
"clientId": "550e8400-e29b-41d4-a716-446655440000",
"parentId": "550e8400-e29b-41d4-a716-446655440000",
}
],
"message": "Success"
}Example
const response = await fetch(
`https://api.requestrocket.com/api/clients/${clientId}/credentials`,
{
method: 'POST',
headers: {
'Authorization': process.env.USER_TOKEN,
'Content-Type': 'application/json'
},
body: JSON.stringify({
credentialName: 'My API Key',
credentialType: 'proxy',
authType: 'apiKey',
region: 'us-east-1',
singleUse: false,
secret: {
keyName: 'X-API-Key',
keyValue: 'secret-key-value'
}
})
}
);
const data = await response.json();
console.log('Created credential:', data.credentials[0]);import requests
import os
client_id = "your-client-id"
response = requests.post(
f'https://api.requestrocket.com/api/clients/{client_id}/credentials',
headers={'Authorization': os.getenv('USER_TOKEN')},
json={
'credentialName': 'My API Key',
'credentialType': 'proxy',
'authType': 'apiKey',
'region': 'us-east-1',
'singleUse': False,
'secret': {
'keyName': 'X-API-Key',
'keyValue': 'secret-key-value'
}
}
)
data = response.json()
print(f"Created: {data['credentials'][0]['credentialName']}")package main
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
"os"
)
type CredentialRequest struct {
CredentialName string `json:"credentialName"`
CredentialType string `json:"credentialType"`
AuthType string `json:"authType"`
Region string `json:"region"`
SingleUse bool `json:"singleUse"`
Secret map[string]interface{} `json:"secret"`
}
func main() {
clientId := "your-client-id"
requestBody, _ := json.Marshal(CredentialRequest{
CredentialName: "My API Key",
CredentialType: "proxy",
AuthType: "apiKey",
Region: "us-east-1",
SingleUse: false,
Secret: map[string]interface{}{
"keyName": "X-API-Key",
"keyValue": "secret-key-value",
},
})
url := fmt.Sprintf("https://api.requestrocket.com/api/clients/%s/credentials", clientId)
req, _ := http.NewRequest("POST", url, bytes.NewBuffer(requestBody))
req.Header.Set("Authorization", os.Getenv("USER_TOKEN"))
req.Header.Set("Content-Type", "application/json")
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}import java.net.http.*;
import java.net.URI;
import com.google.gson.*;
public class CreateCredential {
public static void main(String[] args) throws Exception {
String clientId = "your-client-id";
String json = "{"
+ "\"credentialName\": \"My API Key\","
+ "\"credentialType\": \"proxy\","
+ "\"authType\": \"apiKey\","
+ "\"region\": \"us-east-1\","
+ "\"singleUse\": false,"
+ "\"secret\": {"
+ "\"keyName\": \"X-API-Key\","
+ "\"keyValue\": \"secret-key-value\""
+ "}"
+ "}";
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.requestrocket.com/api/clients/" + clientId + "/credentials"))
.header("Authorization", System.getenv("USER_TOKEN"))
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(json))
.build();
HttpResponse<String> response = client.send(request,
HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());
}
}curl -X POST "https://api.requestrocket.com/api/clients/${CLIENT_ID}/credentials" \
-H "Authorization: ${USER_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"credentialName": "My API Key",
"credentialType": "proxy",
"authType": "apiKey",
"region": "us-east-1",
"singleUse": false,
"secret": {
"keyName": "X-API-Key",
"keyValue": "secret-key-value"
}
}'