Create a vault

POST /v1/vaults Creates a new Vault. A Vault is used to securely store credentials for MCP servers. At least one credential must be provided when creating a vault.

Headers

Header	Required	Description
`Authorization`	Yes	`Bearer $QODER_PAT`
`Content-Type`	Yes	`application/json`

Request body

Field	Type	Required	Description
`display_name`	string	Yes	Vault display name
`credentials`	array	Yes	Array of credentials. Must contain at least one credential object

`credentials` array element

Field	Type	Required	Description
`mcp_server_url`	string	Yes	MCP server URL
`protocol`	string	Yes	Protocol type. One of: `sse`, `streamable_http`
`type`	string	Yes	Credential type. Currently only `static_bearer` is supported
`access_token`	string	Yes	Access token (required for `static_bearer` type)

Example request

curl -X POST https://api.qoder.com/api/v1/cloud/vaults \
  -H "Authorization: Bearer $QODER_PAT" \
  -H "Content-Type: application/json" \
  -d '{
    "display_name": "my-mcp-vault",
    "credentials": [
      {
        "mcp_server_url": "https://example.com/mcp",
        "protocol": "sse",
        "type": "static_bearer",
        "access_token": "your-access-token"
      }
    ]
  }'

Example response

HTTP 201 Created

{
  "id": "vault_019e3bb940277f0db05ab74291acf6ef",
  "type": "vault",
  "display_name": "my-mcp-vault",
  "status": "active",
  "metadata": {},
  "credentials": [
    {
      "id": "vcred_019e3bb940297658a632dbf920057eff",
      "vault_id": "vault_019e3bb940277f0db05ab74291acf6ef",
      "mcp_server_url": "https://example.com/mcp",
      "protocol": "sse",
      "type": "static_bearer",
      "status": "active",
      "created_at": "2026-05-18T15:34:16.876188Z",
      "updated_at": "2026-05-18T15:34:16.876188Z"
    }
  ],
  "created_at": "2026-05-18T15:34:16.874877Z",
  "updated_at": "2026-05-18T15:34:16.874877Z"
}

Errors

HTTP	Type	Trigger
400	`invalid_request_error`	Missing `credentials` array: “At least one credential is required when creating a vault.”
400	`invalid_request_error`	Missing `access_token`: “Field ‘access_token’ is required for static_bearer type.”
401	`TOKEN_INVALID`	Missing or invalid authentication token

See Errors for the full error envelope.

​Headers

​Request body

​credentials array element

​Example request

​Example response

​Errors