Credentials
Manage webhook authentication credentials
Credentials store authentication secrets for external services used by HTTP tools. Storing credentials separately from tool configurations means secrets are never embedded in the workflow definition.
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /credentials/ | List all credentials (names and metadata only — no secrets) |
| POST | /credentials/ | Create a new credential |
| GET | /credentials/{uuid} | Get a credential's metadata |
| PUT | /credentials/{uuid} | Update a credential |
| DELETE | /credentials/{uuid} | Delete a credential (soft delete) |
Create a Credential
POST
/credentials/Request body — CreateCredentialRequest:
Response
json
{
"name": "CRM API Key",
"type": "bearer",
"value": "Bearer eyJhbGciOiJSUzI1NiJ9..."
}| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Required | Display name — how it appears in the editor and MCP list_credentials results |
type | string | Required | Credential type: "bearer", "basic", "api_key", or "custom" |
value | string | Required | The actual secret value — stored encrypted, never returned after creation |
Using Credentials in Tools
Reference a credential by its name in tool headers or body templates:
json
{
"headers": {
"Authorization": "{{CRM API Key}}"
}
}The runtime resolves the credential at call time — the secret is never stored in the workflow definition.
List Credentials (MCP)
Via MCP, use list_credentials — returns names and IDs only, never secret values.
Was this page helpful?
Open Dashboard →