Description
Use a HTTP POST request to create a AWS credential.
Request
HTTP Method: POST
| Parameter | Description |
|---|---|
| name | Name of the credential. |
| mode | Describes the type of credential (AWS) |
| team_id | ID of Tines Team where the credential will be located. |
| aws_authentication_type | The authentication method with AWS, key-based-access or role-based-access(KEY, ROLE, INSTANCE_PROFILE) |
| aws_access_key | The access key from your AWS Security Credentials |
| aws_secret_key | The access secret from your AWS Security Credentials |
| aws_assumed_role_arn | Required for role-based-access The ARN of the role you wish to assume, e.g.: arn:aws:iam::123456789012:role/write-access-role |
| folder_id | Optional ID of folder to which the credential will be located |
| read_access | Optional Control where this credential can be used (TEAM, GLOBAL, SPECIFIC_TEAMS). default: TEAM. (SPECIFIC_TEAMS is a premium feature. Reach out to find out more.) |
| shared_team_slugs | Optional List of teams' slugs where this credential can be used. Required to set read_access to SPECIFIC_TEAMS. default: [] (empty array). |
| description | Optional Description of the credential. default: "" (empty string) |
| metadata | Optional Key/value metadata relevant to the credential that can be referenced via the INFO path. |
| allowed_hosts | Optional Array of domains where this credential can only be used in HTTP requests. Domain matching supports wildcards. |
| live_credential_id | Optional ID of the live credential |
Sample request
curl -X POST \
https://<<META.tenant.domain>>/api/v1/user_credentials \
-H 'content-type: application/json' \
-H 'Authorization: Bearer <<CREDENTIAL.tines_api_key>>' \
-d '{
"name": "aws credential",
"mode": "AWS",
"team_id": 2,
"aws_authentication_type": "ROLE",
"aws_access_key": "v_access_key",
"aws_secret_key": "v_secret_key",
"aws_assumed_role_arn": "v_role_arn"
}'
Response
A successful request will return a JSON object describing the created credential.
Field description
| Parameter | Description |
|---|---|
| id | credential ID. |
| name | Name of the credential. |
| mode | Describes the type of credential (TEXT, JWT, OAUTH, AWS, MTLS, HTTP_REQUEST_AGENT, MULTI_REQUEST). |
| team_id | ID of team to which the credential belongs. |
| folder_id | ID of folder to which the credential belongs. |
| read_access | Control where this credential can be used (TEAM, GLOBAL, SPECIFIC_TEAMS). |
| shared_team_slugs | List of teams' slugs where this credential can be used when read_access is SPECIFIC_TEAMS, otherwise empty. |
| description | Description of the credential. |
| slug | An underscored representation of the credential name |
| created_at | ISO 8601 Timestamp representing date and time the credential was created. |
| updated_at | ISO 8601 Timestamp representing date and time the credential was last updated. |
| aws_assumed_role_external_id | External ID generated for the remote role in your AWS account. |
| aws_authentication_type | The authentication method with AWS, key-based-access or role-based-access(KEY, ROLE, INSTANCE_PROFILE) |
| allowed_hosts | Array of domains where this credential can only be used in HTTP requests. |
| metadata | Key/value metadata relevant to the credential |
| restriction_type | The type of restriction applied to the use of the credential (RESTRICTED,RESTRICTED_TO_CREDENTIALS ,UNRESTRICTED ) |
| test_credential_enabled | A boolean value stating if the credential is enabled for using a test credential |
| test_credential | Data specific to the test credential (created_at and updated_at) |
Sample response
{
"id": 1,
"name": "tines_api_credential",
"mode": "AWS",
"team_id": 2,
"folder_id": 1,
"read_access": "TEAM",
"shared_team_slugs": [],
"slug": "tines_api_credential",
"created_at": "2021-03-26T12:34:16.540Z",
"updated_at": "2021-03-26T12:34:16.540Z",
"description": "",
"aws_assumed_role_external_id": "1e52dbcf-3621-4969-9bf6-3fd2699db84b",
"aws_authentication_type": "ROLE",
"allowed_hosts": [],
"metadata": {},
"restriction_type": "UNRESTRICTED",
"test_credential_enabled": false
}