CredVault
Dashboard

API Reference

The CredVault REST API provides programmatic access to all platform capabilities. This reference documents the available endpoints, authentication methods, request formats, and response structures.

Interactive API Testing

We provide a modern interactive API explorer where you can test endpoints directly in your browser with live "Try it" buttons:

Open Interactive API Explorer - Test all endpoints live

With our interactive explorer you can:

  • Browse all public API endpoints
  • Test requests and responses in real-time
  • View request and response schemas
  • Generate code snippets for your programming language
  • Test with your own API keys
  • See live examples for every endpoint

Understanding the API Flow

graph LR
    A["Your Application"] -->|API Request| B["CredVault API"]
    B -->|Authenticates| C["Auth Layer"]
    C -->|Processes| D["Endpoint Handler"]
    D -->|Returns| E["JSON Response"]
    E -->|Your Application| A
    
    style A fill:#1f97d4,stroke:#0066a1,color:#fff
    style B fill:#ff9900,stroke:#cc6600,color:#fff
    style C fill:#3daa84,stroke:#1f8859,color:#fff
    style D fill:#3daa84,stroke:#1f8859,color:#fff
    style E fill:#ff9900,stroke:#cc6600,color:#fff

Base URL

All API requests are made to the CredVault API server. For cloud-hosted accounts, use your regional endpoint. Enterprise customers have custom endpoints provided by their account manager.

Authentication

Every API request requires authentication credentials. CredVault supports two authentication methods depending on your use case.

API Key Authentication

Use API key authentication for server-to-server communication and backend applications. This method is recommended for scripts, automation, and service integrations.

API keys are created in your dashboard under Settings → API Keys. Each key has associated permissions that control what operations it can perform. Create multiple keys for different applications or environments to maintain security.

Include your API key in the request header:

Authorization: ApiKey YOUR_API_KEY_HERE

Bearer Token Authentication

Use bearer token authentication for applications acting on behalf of users. This method is appropriate for web and mobile applications where end users have logged in.

Tokens are obtained through the authentication endpoints and expire after a period of time. The token represents the user's session and inherits all the user's permissions and restrictions.

Include the token in the Authorization header:

Authorization: Bearer YOUR_TOKEN_HERE

Request Format

API requests use standard HTTP methods with RESTful conventions:

  • GET — Retrieve resources or fetch data
  • POST — Create new resources or perform actions
  • PUT — Replace or update entire resources
  • PATCH — Apply partial updates
  • DELETE — Remove resources

All request bodies should be JSON-encoded. Always set the Content-Type header to application/json for requests that include a body.

Example request with cURL:

curl -X GET https://api.credvault.io/v1/resources \
  -H "Authorization: ApiKey YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json"

Response Format

All API responses return JSON format. Successful responses contain the requested data, while error responses include an error code and descriptive message.

Successful Responses

Operations that succeed return HTTP status codes in the 2xx range. The response body contains your requested data, often wrapped in a data field.

Create operations return the newly created resource with its assigned ID. List operations return an array of resources with pagination information when applicable.

Example successful response:

{
  "status": "success",
  "data": {
    "id": "resource_123",
    "name": "My Resource",
    "created_at": "2026-06-13T10:30:00Z"
  }
}

Error Responses

When errors occur, the API returns appropriate HTTP status codes:

  • 400 Bad Request — The request was malformed or missing required parameters
  • 401 Unauthorized — Authentication credentials were missing or invalid
  • 403 Forbidden — The authenticated user lacks permission for this operation
  • 404 Not Found — The requested resource does not exist
  • 429 Too Many Requests — You have exceeded your rate limit
  • 500 Internal Server Error — An unexpected server error occurred

Error responses always include a message explaining what went wrong. Use this information for debugging and to provide helpful feedback to users.

Example error response:

{
  "status": "error",
  "code": "MISSING_PARAMETER",
  "message": "Required parameter 'name' is missing from request"
}

Rate Limiting

To ensure fair usage and maintain platform stability, all API requests are rate limited. Your rate limits depend on your subscription tier.

When you exceed rate limits, the API returns a 429 status code. The response includes headers indicating when you can retry your request. Implement exponential backoff in your applications to handle rate limits gracefully.

Getting Started with the API

The easiest way to explore and test the API is using our interactive API explorer. Here's how:

1. Visit the API Explorer

Navigate to /api-docs to open the interactive Swagger UI interface.

2. Choose an Endpoint

Browse through the available endpoints organized by resource type. Each endpoint shows the HTTP method, path, parameters, and required headers.

3. Try It Out

Click the "Try it out" button on any endpoint to test it directly in your browser. You can provide your own API key and test parameters.

4. View Response

After executing, you'll see:

  • The actual HTTP request that was sent
  • The response status code and headers
  • The JSON response body
  • Links to generate code snippets in your language

5. Generate Code Snippets

Use the generated code samples as a starting point for your implementation. The explorer can generate snippets for JavaScript, Python, cURL, and many other languages.

API Resources

The API is organized around resources with standard CRUD endpoints plus specialized actions for each resource type.

Available resource categories include:

  • Data operations for querying, inserting, updating, and deleting records
  • Cluster management for viewing and configuring database clusters
  • Integration endpoints for connecting external services
  • Intelligence engine capabilities for ML-powered operations
  • Webhook configuration for event notifications

Refer to the complete API documentation in the interactive explorer for detailed information about each endpoint.

Pagination

Endpoints that return lists support pagination for handling large result sets. Common parameters include:

  • limit — Maximum number of results to return
  • offset or skip — Number of results to skip
  • cursor — For cursor-based pagination

Paginated responses include metadata about total count and cursors for fetching additional pages.

Filtering and Sorting

Many list endpoints accept query parameters for filtering and sorting results. Filter by field values, date ranges, or status. Sort ascending or descending by specific fields.

The exact parameters vary by endpoint. Refer to individual endpoint documentation for available options.

Versioning

The API uses URL path versioning. The current version is v1. Breaking changes will be introduced in new versions, giving you time to update your integrations.

We maintain backward compatibility within versions. New fields may be added to responses, but existing fields won't be removed or changed.