> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qoder.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a credential

> Add a new MCP server credential to a vault.

`POST /api/v1/cloud/vaults/{vault_id}/credentials`

Adds a new MCP server credential to the specified vault.

## Path parameters

| Parameter  | Type   | Required | Description             |
| ---------- | ------ | -------- | ----------------------- |
| `vault_id` | string | Yes      | Vault unique identifier |

## Headers

| Header          | Required | Description         |
| --------------- | -------- | ------------------- |
| `Authorization` | Yes      | `Bearer $QODER_PAT` |
| `Content-Type`  | Yes      | `application/json`  |

## Request body

| Field          | Type   | Required | Description                                                                                                              |
| -------------- | ------ | -------- | ------------------------------------------------------------------------------------------------------------------------ |
| `auth`         | object | Yes      | Credential authentication details. See [Credential auth object](/cloud-agents/api/vaults/schemas#credential-auth-object) |
| `display_name` | string | No       | Accepted for compatibility; currently returned as `null` and not persisted                                               |
| `metadata`     | object | No       | Custom metadata stored with the credential; defaults to `{}`                                                             |

## Example request

```bash theme={null}
curl -X POST https://api.qoder.com/api/v1/cloud/vaults/vault_019e3bb940277f0db05ab74291acf6ef/credentials \
  -H "Authorization: Bearer $QODER_PAT" \
  -H "Content-Type: application/json" \
  -d '{
    "auth": {
      "type": "static_bearer",
      "mcp_server_url": "https://example.com/mcp-stream",
      "token": "your-access-token"
    },
    "metadata": {"team":"docs"}
  }'
```

## Example response

**HTTP 200 OK**

```json theme={null}
{
  "id": "vcred_019e3bb98877759e862750b495c1fce8",
  "type": "vault_credential",
  "vault_id": "vault_019e3bb940277f0db05ab74291acf6ef",
  "auth": {
    "type": "static_bearer",
    "mcp_server_url": "https://example.com/mcp-stream"
  },
  "display_name": null,
  "metadata": {
    "team": "docs"
  },
  "archived_at": null,
  "created_at": "2026-05-18T15:34:35.387093Z",
  "updated_at": "2026-05-18T15:34:35.387093Z"
}
```

## Response fields

| Field          | Type           | Description                                                         |
| -------------- | -------------- | ------------------------------------------------------------------- |
| `id`           | string         | Credential unique identifier with the `vcred_` prefix               |
| `type`         | string         | Always `"vault_credential"`                                         |
| `vault_id`     | string         | Owning Vault ID                                                     |
| `auth`         | object         | Sanitized authentication details; secrets are never returned        |
| `display_name` | null           | Currently always `null`                                             |
| `metadata`     | object         | Custom metadata object stored with the credential; defaults to `{}` |
| `archived_at`  | string \| null | Archive time, or `null` when active                                 |
| `created_at`   | string         | Creation time (ISO 8601)                                            |
| `updated_at`   | string         | Last update time (ISO 8601)                                         |

## Errors

| HTTP | Type                    | Trigger                                                                                                   |
| ---- | ----------------------- | --------------------------------------------------------------------------------------------------------- |
| 400  | `invalid_request_error` | Missing `auth`, invalid credential type, missing required auth fields, or invalid `metadata`              |
| 401  | `TOKEN_INVALID`         | Missing or invalid authentication token                                                                   |
| 404  | `not_found_error`       | Vault does not exist or is not accessible                                                                 |
| 409  | `conflict_error`        | Vault is archived, vault reached the active credential limit, or a duplicate active MCP credential exists |

## Notes

* The response does not return credential secrets, including `token`, `access_token`, `refresh_token`, `client_secret`, or `secret_value`.
* A vault can hold up to 20 active credentials.
* Credentials are `active` immediately after creation.

See [Errors](/cloud-agents/api/conventions/errors) for the full error envelope.

## Related

<CardGroup cols={2}>
  <Card title="Authenticate with vaults" icon="key" href="/cloud-agents/vaults">
    Store and inject secrets safely into agent sessions.
  </Card>
</CardGroup>
