--- title: "Create: AWS type" url: https://www.tines.com/docs/api/credentials/create-aws/ updated: 2026-04-02T11:20:04+00:00 description: Use a HTTP POST request to create a [AWS](/docs/credentials/aws) credential. --- *[tines.com](https://www.tines.com/llms.txt) › [Docs](https://www.tines.com/llms.txt) › [Tines API](https://www.tines.com/llms.txt) › [Credentials](https://www.tines.com/llm/docs/api/credentials.md)* # Create: AWS type *[View on tines.com](https://www.tines.com/docs/api/credentials/create-aws/)* ## Description Use a HTTP POST request to create a [AWS](/docs/credentials/aws) credential. ## Request HTTP Method: **POST** | Parameter | Description | | ------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | name | Name of the credential. | | mode | Describes the type of credential (`AWS`) | | team_id | ID of Tines Team where the credential will be located. | | aws_authentication_type | The authentication method with AWS, key-based-access or role-based-access(`KEY`, `ROLE`, `INSTANCE_PROFILE`) | | aws_access_key | The `access key` from your [AWS Security Credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) | | aws_secret_key | The `access secret` from your [AWS Security Credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) | | aws_assumed_role_arn | **Required for role-based-access** The ARN of the role you wish to assume, e.g.: `arn:aws:iam::123456789012:role/write-access-role` | | use_static_external_id | **Optional** Boolean to indicate whether the credential should use a [team-scoped static external ID](/docs/credentials/aws/#static-external-ids) | | folder_id | **Optional** ID of folder to which the credential will be located | | read_access | **Optional** Control where this credential can be used (`TEAM`, `GLOBAL`, `SPECIFIC_TEAMS`). default: `TEAM`. (`SPECIFIC_TEAMS` is a premium feature. [Reach out to find out more](https://tines.com/contact-support).) | | shared_team_slugs | **Optional** List of teams' slugs where this credential can be used. Required to set `read_access` to `SPECIFIC_TEAMS`. default: `[]` (empty array). | | description | **Optional** Description of the credential. default: `""` (empty string) | | metadata | **Optional** Key/value metadata relevant to the credential that can be referenced via the INFO path. | | allowed_hosts | **Optional** Array of domains where this credential can only be used in HTTP requests. Domain matching supports wildcards. | | live_credential_id | **Optional** ID of the live credential | | expires_at | **Optional** ISO 8601 Timestamp representing date and time the credential will expire. Default: `null`. See: [Credential expiry](https://www.tines.com/docs/credentials/credential-configuration/expiry) | | expiry_notifications_enabled | **Optional** A boolean value stating whether or not expiry notifications are enabled. Default: `false`. See: [Credential expiry email reminders](https://www.tines.com/docs/credentials/credential-configuration/expiry/#email-reminders) | | credential_notification_recipient_user_ids | **Optional** List of user IDs that will be sent credential notifications (e.g. expiry notifications) | ### Sample request ```bash curl -X POST \ https:///api/v1/user_credentials \ -H 'content-type: application/json' \ -H 'Authorization: Bearer <>' \ -d '{ "name": "aws credential", "mode": "AWS", "team_id": 2, "aws_authentication_type": "ROLE", "aws_access_key": "v_access_key", "aws_secret_key": "v_secret_key", "aws_assumed_role_arn": "v_role_arn" }' ``` ## Response A successful request will return a JSON object describing the created credential. ### Field description | Parameter | Description | | ------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | id | credential ID. | | name | Name of the credential. | | mode | Describes the type of credential (`TEXT, JWT, OAUTH, AWS, MTLS, HTTP_REQUEST_AGENT, MULTI_REQUEST`). | | team_id | ID of team to which the credential belongs. | | folder_id | ID of folder to which the credential belongs. | | read_access | Control where this credential can be used (`TEAM`, `GLOBAL`, `SPECIFIC_TEAMS`). | | shared_team_slugs | List of teams' slugs where this credential can be used when `read_access` is `SPECIFIC_TEAMS`, otherwise empty. | | description | Description of the credential. | | slug | An underscored representation of the credential name | | created_at | ISO 8601 Timestamp representing date and time the credential was created. | | updated_at | ISO 8601 Timestamp representing date and time the credential was last updated. | | aws_assumed_role_external_id | External ID generated for the remote role in your AWS account. | | use_static_external_id | A boolean value stating if the credential uses a team scoped static external ID. | | aws_authentication_type | The authentication method with AWS, key-based-access or role-based-access(`KEY`, `ROLE`, `INSTANCE_PROFILE`) | | allowed_hosts | Array of domains where this credential can only be used in HTTP requests. | | metadata | Key/value metadata relevant to the credential | | restriction_type | The type of restriction applied to the use of the credential (`RESTRICTED`,`RESTRICTED_TO_CREDENTIALS` ,`UNRESTRICTED` ) | | test_credential_enabled | A boolean value stating if the credential is enabled for using a test credential | | test_credential | Data specific to the test credential (`created_at` and `updated_at`) | | owner | An object representing the user who owns this credential. By default, the owner is the user who created the credential. | | expires_at | ISO 8601 Timestamp representing date and time the credential will expire. Default: `null`. See: [Credential expiry](https://www.tines.com/docs/credentials/credential-configuration/expiry) | | expiry_notifications_enabled | A boolean value stating whether or not expiry notifications are enabled. Default: `false`. See: [Credential expiry email reminders](https://www.tines.com/docs/credentials/credential-configuration/expiry/#email-reminders) | | credential_notification_recipient_user_ids | List of user IDs that will be sent credential notifications (e.g. expiry notifications) | ### Sample response ```json { "id": 1, "name": "tines_api_credential", "mode": "AWS", "team_id": 2, "folder_id": 1, "read_access": "TEAM", "shared_team_slugs": [], "slug": "tines_api_credential", "created_at": "2021-03-26T12:34:16.540Z", "updated_at": "2021-03-26T12:34:16.540Z", "description": "", "aws_assumed_role_external_id": "1e52dbcf-3621-4969-9bf6-3fd2699db84b", "use_static_external_id": false, "aws_authentication_type": "ROLE", "allowed_hosts": [], "metadata": {}, "restriction_type": "UNRESTRICTED", "test_credential_enabled": false, "owner": { "user_id": 1, "first_name": "Jane", "last_name": "Doe", "email": "jane@tines.io" } } ```