List credentials

GET /v1/vaults/{vault_id}/credentials Lists credentials under the specified vault. Archived credentials are excluded by default.

Path parameters

Parameter	Type	Required	Description
`vault_id`	string	Yes	Vault unique identifier

Headers

Header	Required	Description
`Authorization`	Yes	`Bearer $QODER_PAT`

Query parameters

Parameter	Type	Required	Description
`limit`	integer	No	Maximum number of records per page
`after_id`	string	No	Cursor pagination: return records after this ID
`before_id`	string	No	Cursor pagination: return records before this ID
`include_archived`	boolean	No	Set to `true` to include archived credentials
`name`	string	No	Search credentials by MCP server URL
`created_at[gte]`	string	No	Include credentials created at or after this RFC 3339 timestamp
`created_at[lte]`	string	No	Include credentials created at or before this RFC 3339 timestamp

Example request

curl -X GET https://api.qoder.com/api/v1/cloud/vaults/vault_019e3bb940277f0db05ab74291acf6ef/credentials \
  -H "Authorization: Bearer $QODER_PAT"

Example response

HTTP 200 OK

{
  "data": [
    {
      "id": "vcred_019e3bb940297658a632dbf920057eff",
      "vault_id": "vault_019e3bb940277f0db05ab74291acf6ef",
      "mcp_server_url": "https://example.com/mcp",
      "protocol": "streamable_http",
      "type": "static_bearer",
      "status": "active",
      "created_at": "2026-05-18T15:34:16.876188Z",
      "updated_at": "2026-05-18T15:34:16.876188Z"
    }
  ],
  "first_id": "vcred_019e3bb940297658a632dbf920057eff",
  "last_id": "vcred_019e3bb940297658a632dbf920057eff",
  "has_more": false
}

Response fields

Field	Type	Description
`data`	array	Array of Vault credential objects
`first_id`	string \| null	ID of the first record on the current page
`last_id`	string \| null	ID of the last record on the current page
`has_more`	boolean	Whether more pages are available

VaultCredential object

Field	Type	Description
`id`	string	Credential unique identifier with the `vcred_` prefix
`vault_id`	string	Owning Vault ID
`mcp_server_url`	string	MCP server URL
`protocol`	string	Protocol: `streamable_http`
`type`	string	Credential type: `static_bearer`
`status`	string	Status: `active` or `archived`
`archived_at`	string	Archive time; present only when archived
`created_at`	string	Creation time (ISO 8601)
`updated_at`	string	Last update time (ISO 8601)

Errors

HTTP	Type	Trigger
401	`TOKEN_INVALID`	Missing or invalid authentication token
404	`not_found_error`	Vault does not exist or is not accessible

Notes

The credential list does not return the value of access_token (for security reasons).
Archived credentials are excluded by default. Pass include_archived=true to include them.

See Errors for the full error envelope.

Authenticate with vaults

Store and inject secrets safely into agent sessions.

​Path parameters

​Headers

​Query parameters

​Example request

​Example response

​Response fields

​VaultCredential object

​Errors

​Notes

​Related