> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qoder.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List credentials

> List all credentials under a specific vault.

`GET /api/v1/cloud/vaults/{vault_id}/credentials`

Lists credentials under the specified vault. Archived credentials are excluded by default.

## Path parameters

| Parameter  | Type   | Required | Description             |
| ---------- | ------ | -------- | ----------------------- |
| `vault_id` | string | Yes      | Vault unique identifier |

## Headers

| Header          | Required | Description         |
| --------------- | -------- | ------------------- |
| `Authorization` | Yes      | `Bearer $QODER_PAT` |

## Query parameters

| Parameter          | Type    | Required | Description                                                                                                       |
| ------------------ | ------- | -------- | ----------------------------------------------------------------------------------------------------------------- |
| `limit`            | integer | No       | Maximum number of records per page. Default 20, range 1-100. Values above 100 return `400 invalid_request_error`. |
| `page`             | string  | No       | Claude-style forward cursor. Equivalent to `after_id`; mutually exclusive with `before_id` and `after_id`         |
| `after_id`         | string  | No       | Cursor pagination: return records after this ID. Mutually exclusive with `page` and `before_id`                   |
| `before_id`        | string  | No       | Cursor pagination: return records before this ID. Mutually exclusive with `page` and `after_id`                   |
| `include_archived` | boolean | No       | Set to `true` to include archived credentials                                                                     |
| `name`             | string  | No       | Search credentials by MCP server URL                                                                              |

## Example request

```bash theme={null}
curl -X GET https://api.qoder.com/api/v1/cloud/vaults/vault_019e3bb940277f0db05ab74291acf6ef/credentials \
  -H "Authorization: Bearer $QODER_PAT"
```

## Example response

**HTTP 200 OK**

```json theme={null}
{
  "data": [
    {
      "id": "vcred_019e3bb940297658a632dbf920057eff",
      "type": "vault_credential",
      "vault_id": "vault_019e3bb940277f0db05ab74291acf6ef",
      "auth": {
        "type": "static_bearer",
        "mcp_server_url": "https://example.com/mcp"
      },
      "display_name": null,
      "metadata": {
        "team": "docs"
      },
      "archived_at": null,
      "created_at": "2026-05-18T15:34:16.876188Z",
      "updated_at": "2026-05-18T15:34:16.876188Z"
    }
  ],
  "next_page": null,
  "first_id": "vcred_019e3bb940297658a632dbf920057eff",
  "last_id": "vcred_019e3bb940297658a632dbf920057eff",
  "has_more": false
}
```

## Response fields

| Field       | Type           | Description                                                                            |
| ----------- | -------------- | -------------------------------------------------------------------------------------- |
| `data`      | array          | Array of [Vault credential objects](/cloud-agents/api/vaults/schemas#vault-credential) |
| `next_page` | string \| null | Forward cursor for the next page; use as `page` when `has_more` is `true`              |
| `first_id`  | string \| null | ID of the first record on the current page                                             |
| `last_id`   | string \| null | ID of the last record on the current page                                              |
| `has_more`  | boolean        | Whether more pages are available                                                       |

### VaultCredential object

| Field          | Type           | Description                                                         |
| -------------- | -------------- | ------------------------------------------------------------------- |
| `id`           | string         | Credential unique identifier with the `vcred_` prefix               |
| `type`         | string         | Always `"vault_credential"`                                         |
| `vault_id`     | string         | Owning Vault ID                                                     |
| `auth`         | object         | Sanitized authentication details; secrets are never returned        |
| `display_name` | null           | Currently always `null`                                             |
| `metadata`     | object         | Custom metadata object stored with the credential; defaults to `{}` |
| `archived_at`  | string \| null | Archive time, or `null` when active                                 |
| `created_at`   | string         | Creation time (ISO 8601)                                            |
| `updated_at`   | string         | Last update time (ISO 8601)                                         |

## Errors

| HTTP | Type                    | Trigger                                                                              |
| ---- | ----------------------- | ------------------------------------------------------------------------------------ |
| 400  | `invalid_request_error` | Invalid `limit`, or more than one of `page`, `before_id`, and `after_id` is provided |
| 401  | `TOKEN_INVALID`         | Missing or invalid authentication token                                              |
| 404  | `not_found_error`       | Vault does not exist or is not accessible                                            |

## Notes

* The credential list does not return credential secrets.
* Archived credentials are excluded by default. Pass `include_archived=true` to include them.

See [Errors](/cloud-agents/api/conventions/errors) for the full error envelope.

## Related

<CardGroup cols={2}>
  <Card title="Authenticate with vaults" icon="key" href="/cloud-agents/vaults">
    Store and inject secrets safely into agent sessions.
  </Card>
</CardGroup>
