POST /v1/vaults/{vault_id}/credentials
Adds a new MCP server credential to the specified vault.
Path parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
vault_id | string | Yes | Vault unique identifier |
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer $QODER_PAT |
Content-Type | Yes | application/json |
Request body
| Field | Type | Required | Description |
|---|---|---|---|
mcp_server_url | string | Yes | Full URL of the MCP server |
protocol | string | Yes | Communication protocol. One of: sse, streamable_http |
type | string | Yes | Credential type. Currently only static_bearer is supported |
access_token | string | Yes | Access token (required for static_bearer type) |
Example request
Example response
HTTP 201 CreatedResponse fields
| Field | Type | Description |
|---|---|---|
id | string | Credential unique identifier with the vcred_ prefix |
vault_id | string | Owning Vault ID |
mcp_server_url | string | MCP server URL |
protocol | string | Protocol type: sse or streamable_http |
type | string | Credential type |
status | string | Status: active |
created_at | string | Creation time (ISO 8601) |
updated_at | string | Last update time (ISO 8601) |
Errors
| HTTP | Type | Trigger |
|---|---|---|
| 400 | invalid_request_error | Missing required field: “Field ‘access_token’ is required for static_bearer type.” |
| 401 | TOKEN_INVALID | Missing or invalid authentication token |
| 404 | not_found_error | Vault does not exist or has been deleted |
Notes
- The response does not return the value of
access_token(for security reasons). - A vault can hold multiple credentials.
- Credentials are
activeimmediately after creation.