Skip to main content
GET /api/v1/cloud/vaults/{vault_id}/credentials Lists credentials under the specified vault. Archived credentials are excluded by default.

Path parameters

ParameterTypeRequiredDescription
vault_idstringYesVault unique identifier

Headers

HeaderRequiredDescription
AuthorizationYesBearer $QODER_PAT

Query parameters

ParameterTypeRequiredDescription
limitintegerNoMaximum number of records per page. Default 20, range 1-100. Values above 100 return 400 invalid_request_error.
pagestringNoClaude-style forward cursor. Equivalent to after_id; mutually exclusive with before_id and after_id
after_idstringNoCursor pagination: return records after this ID. Mutually exclusive with page and before_id
before_idstringNoCursor pagination: return records before this ID. Mutually exclusive with page and after_id
include_archivedbooleanNoSet to true to include archived credentials
namestringNoSearch credentials by MCP server URL

Example request

curl -X GET https://api.qoder.com/api/v1/cloud/vaults/vault_019e3bb940277f0db05ab74291acf6ef/credentials \
  -H "Authorization: Bearer $QODER_PAT"

Example response

HTTP 200 OK
{
  "data": [
    {
      "id": "vcred_019e3bb940297658a632dbf920057eff",
      "type": "vault_credential",
      "vault_id": "vault_019e3bb940277f0db05ab74291acf6ef",
      "auth": {
        "type": "static_bearer",
        "mcp_server_url": "https://example.com/mcp"
      },
      "display_name": null,
      "metadata": {
        "team": "docs"
      },
      "archived_at": null,
      "created_at": "2026-05-18T15:34:16.876188Z",
      "updated_at": "2026-05-18T15:34:16.876188Z"
    }
  ],
  "next_page": null,
  "first_id": "vcred_019e3bb940297658a632dbf920057eff",
  "last_id": "vcred_019e3bb940297658a632dbf920057eff",
  "has_more": false
}

Response fields

FieldTypeDescription
dataarrayArray of Vault credential objects
next_pagestring | nullForward cursor for the next page; use as page when has_more is true
first_idstring | nullID of the first record on the current page
last_idstring | nullID of the last record on the current page
has_morebooleanWhether more pages are available

VaultCredential object

FieldTypeDescription
idstringCredential unique identifier with the vcred_ prefix
typestringAlways "vault_credential"
vault_idstringOwning Vault ID
authobjectSanitized authentication details; secrets are never returned
display_namenullCurrently always null
metadataobjectCustom metadata object stored with the credential; defaults to {}
archived_atstring | nullArchive time, or null when active
created_atstringCreation time (ISO 8601)
updated_atstringLast update time (ISO 8601)

Errors

HTTPTypeTrigger
400invalid_request_errorInvalid limit, or more than one of page, before_id, and after_id is provided
401TOKEN_INVALIDMissing or invalid authentication token
404not_found_errorVault does not exist or is not accessible

Notes

  • The credential list does not return credential secrets.
  • Archived credentials are excluded by default. Pass include_archived=true to include them.
See Errors for the full error envelope.

Authenticate with vaults

Store and inject secrets safely into agent sessions.