Endpoints

Credential Stores

Copy page

Operations for managing credential stores

List Credential Stores

GET
/manage/tenants/{tenantId}/projects/{projectId}/credential-stores

Authorization

bearerAuth cookieAuth
AuthorizationBearer <token>

Bearer token authentication. Use this for API clients and service-to-service communication. Set the Authorization header to "Bearer ".

In: header

better-auth.session_token<token>

Session-based authentication using HTTP-only cookies. Cookies are automatically sent by browsers. For server-side requests, include cookies with names starting with "better-auth." in the Cookie header.

In: cookie

Path Parameters

tenantId*string

Tenant identifier

projectId*string

Project identifier

Match^[a-z0-9]([a-z0-9-]*[a-z0-9])?$
Length1 <= length <= 255

Response Body

application/json

application/problem+json

application/problem+json

application/problem+json

application/problem+json

application/problem+json

application/problem+json

curl -X GET "https://api.pilot.inkeep.com/manage/tenants/tenant_123/projects/project-456/credential-stores"
{
  "data": [
    {
      "available": true,
      "id": "string",
      "reason": "string",
      "type": "memory"
    }
  ]
}
{
  "code": "bad_request",
  "detail": "Bad Request",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 400,
  "title": "Bad Request",
  "error": {
    "code": "bad_request",
    "message": "Bad Request"
  }
}
{
  "code": "unauthorized",
  "detail": "Unauthorized",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 401,
  "title": "Unauthorized",
  "error": {
    "code": "unauthorized",
    "message": "Unauthorized"
  }
}
{
  "code": "forbidden",
  "detail": "Forbidden",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 403,
  "title": "Forbidden",
  "error": {
    "code": "forbidden",
    "message": "Forbidden"
  }
}
{
  "code": "not_found",
  "detail": "Not Found",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 404,
  "title": "Not Found",
  "error": {
    "code": "not_found",
    "message": "Not Found"
  }
}
{
  "code": "unprocessable_entity",
  "detail": "Unprocessable Entity",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 422,
  "title": "Unprocessable Entity",
  "error": {
    "code": "unprocessable_entity",
    "message": "Unprocessable Entity"
  }
}
{
  "code": "internal_server_error",
  "detail": "Internal Server Error",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 500,
  "title": "Internal Server Error",
  "error": {
    "code": "internal_server_error",
    "message": "Internal Server Error"
  }
}

Create Credential in Store

POST
/manage/tenants/{tenantId}/projects/{projectId}/credential-stores/{id}/credentials

Authorization

bearerAuth cookieAuth
AuthorizationBearer <token>

Bearer token authentication. Use this for API clients and service-to-service communication. Set the Authorization header to "Bearer ".

In: header

better-auth.session_token<token>

Session-based authentication using HTTP-only cookies. Cookies are automatically sent by browsers. For server-side requests, include cookies with names starting with "better-auth." in the Cookie header.

In: cookie

Path Parameters

tenantId*string

Tenant identifier

projectId*string

Project identifier

Match^[a-z0-9]([a-z0-9-]*[a-z0-9])?$
Length1 <= length <= 255
id*string

Resource identifier

Match^[a-zA-Z0-9\-_.]+$
Length1 <= length <= 255

Request Body

application/json

key*string

The credential key

metadata?

Credential metadata. Keys are injected as HTTP headers on outbound MCP server requests, so they must be valid HTTP header names.

value*string

The credential value

Response Body

application/json

application/problem+json

application/problem+json

application/problem+json

application/problem+json

application/problem+json

application/problem+json

curl -X POST "https://api.pilot.inkeep.com/manage/tenants/tenant_123/projects/project-456/credential-stores/resource_789/credentials" \  -H "Content-Type: application/json" \  -d '{    "key": "string",    "value": "string"  }'
{
  "data": {
    "createdAt": "string",
    "key": "string",
    "storeId": "string"
  }
}
{
  "code": "bad_request",
  "detail": "Bad Request",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 400,
  "title": "Bad Request",
  "error": {
    "code": "bad_request",
    "message": "Bad Request"
  }
}
{
  "code": "unauthorized",
  "detail": "Unauthorized",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 401,
  "title": "Unauthorized",
  "error": {
    "code": "unauthorized",
    "message": "Unauthorized"
  }
}
{
  "code": "forbidden",
  "detail": "Forbidden",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 403,
  "title": "Forbidden",
  "error": {
    "code": "forbidden",
    "message": "Forbidden"
  }
}
{
  "code": "not_found",
  "detail": "Not Found",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 404,
  "title": "Not Found",
  "error": {
    "code": "not_found",
    "message": "Not Found"
  }
}
{
  "code": "unprocessable_entity",
  "detail": "Unprocessable Entity",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 422,
  "title": "Unprocessable Entity",
  "error": {
    "code": "unprocessable_entity",
    "message": "Unprocessable Entity"
  }
}
{
  "code": "internal_server_error",
  "detail": "Internal Server Error",
  "instance": "/conversations/123",
  "requestId": "req_1234567890",
  "status": 500,
  "title": "Internal Server Error",
  "error": {
    "code": "internal_server_error",
    "message": "Internal Server Error"
  }
}

Credential Gateway

RFC 8693 token exchange and platform discovery endpoints

Credentials

Operations for managing credentials