Skip to content

Click in-app to access the full platform documentation for your version of DataRobot.

Credentials

This page outlines the operations, endpoints, parameters, and example requests and responses for the Credentials.

GET /api/v2/credentials/

List all sets of credentials available for given user.

Code samples

# You can also use wget
curl -X GET http://10.97.68.125/api/v2/credentials/ \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

Parameters

Name In Type Required Description
offset query integer false Number of results to skip.
limit query integer false At most this many results are returned. The default may change without notice.
types query any false Includes only credentials of the specified type. Repeat the parameter for filtering on multiple statuses.

Example responses

200 Response

{
  "count": 0,
  "data": [
    {
      "creationDate": "2019-08-24T14:15:22Z",
      "credentialId": "string",
      "credentialType": "adls_gen2_oauth",
      "description": "string",
      "name": "string"
    }
  ],
  "next": "http://example.com",
  "previous": "http://example.com",
  "totalCount": 0
}

Responses

Status Meaning Description Schema
200 OK A paginated list of credentials. CredentialsListResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

POST /api/v2/credentials/

Store a new set of credentials.

Code samples

# You can also use wget
curl -X POST http://10.97.68.125/api/v2/credentials/ \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

Body parameter

{
  "credentialType": "basic",
  "description": "string",
  "name": "string",
  "password": "string",
  "snowflakeAccountName": "string",
  "user": "string"
}

Parameters

Name In Type Required Description
body body CredentialsBody false none

Example responses

201 Response

{
  "creationDate": "2019-08-24T14:15:22Z",
  "credentialId": "string",
  "credentialType": "adls_gen2_oauth",
  "description": "string",
  "name": "string"
}

Responses

Status Meaning Description Schema
201 Created Credentials stored successfully. CreateCredentialsResponse
409 Conflict The specified name is already in use. None

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

GET /api/v2/credentials/associations/{associationId}/

Returns a list of credentials associated with the specified object for the given session user.

Code samples

# You can also use wget
curl -X GET http://10.97.68.125/api/v2/credentials/associations/{associationId}/ \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

Parameters

Name In Type Required Description
offset query integer false Number of results to skip.
limit query integer false At most this many results are returned. The default may change without notice.
orderBy query string false Sort order which will be applied to credential associations list. Prefix the attribute name with a dash to sort in descending order, e.g. "-is_default". Absent by default.
associationId path string true The compound ID of the data connection. == : Where: of ObjectId type - the ID of the data connection; of string type - the type of data connection from CredentialMappingResourceTypes Enum: dataconnection, batch_prediction_job_definition.

Enumerated Values

Parameter Value
orderBy isDefault
orderBy -isDefault

Example responses

200 Response

{
  "count": 0,
  "data": [
    {
      "creationDate": "2019-08-24T14:15:22Z",
      "credentialId": "string",
      "credentialType": "adls_gen2_oauth",
      "description": "string",
      "isDefault": true,
      "name": "string",
      "objectId": "string",
      "objectType": "batchPredictionJobDefinition"
    }
  ],
  "next": "http://example.com",
  "previous": "http://example.com",
  "totalCount": 0
}

Responses

Status Meaning Description Schema
200 OK List of credentials associated with the object for the session user. ListCredentialsAssociationsResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

DELETE /api/v2/credentials/{credentialId}/

Delete the credential set matching the specified ID if it is not used by any data connection or batch prediction job.

Code samples

# You can also use wget
curl -X DELETE http://10.97.68.125/api/v2/credentials/{credentialId}/ \
  -H 'Authorization: Bearer {access-token}'

Parameters

Name In Type Required Description
credentialId path string true Credentials entity ID.

Responses

Status Meaning Description Schema
204 No Content Credentials deleted successfully. None
409 Conflict Credentials are in use by one or more data connections or batch prediction jobs. None

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

GET /api/v2/credentials/{credentialId}/

Return the credential set matching the specified ID.

Code samples

# You can also use wget
curl -X GET http://10.97.68.125/api/v2/credentials/{credentialId}/ \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

Parameters

Name In Type Required Description
credentialId path string true Credentials entity ID.

Example responses

200 Response

{
  "creationDate": "2019-08-24T14:15:22Z",
  "credentialId": "string",
  "credentialType": "adls_gen2_oauth",
  "description": "string",
  "name": "string"
}

Responses

Status Meaning Description Schema
200 OK Credentials retrieved successfully. CreateCredentialsResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

PATCH /api/v2/credentials/{credentialId}/

Update specified credentials

Code samples

# You can also use wget
curl -X PATCH http://10.97.68.125/api/v2/credentials/{credentialId}/ \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer {access-token}'

Body parameter

{
  "awsAccessKeyId": "string",
  "awsSecretAccessKey": "string",
  "awsSessionToken": "string",
  "azureConnectionString": "string",
  "azureTenantId": "string",
  "clientId": "string",
  "clientSecret": "string",
  "description": "string",
  "gcpKey": {
    "authProviderX509CertUrl": "http://example.com",
    "authUri": "http://example.com",
    "clientEmail": "string",
    "clientId": "string",
    "clientX509CertUrl": "http://example.com",
    "privateKey": "string",
    "privateKeyId": "string",
    "projectId": "string",
    "tokenUri": "http://example.com",
    "type": "service_account"
  },
  "name": "string",
  "oauthConfigId": "string",
  "oauthIssuerType": "azure",
  "oauthIssuerUrl": "http://example.com",
  "oauthScopes": [
    "string"
  ],
  "passphrase": "string",
  "password": "string",
  "personalAccessToken": "string",
  "privateKeyStr": "string",
  "refreshToken": "string",
  "snowflakeAccountName": "string",
  "token": "string",
  "tokenName": "string",
  "user": "string"
}

Parameters

Name In Type Required Description
credentialId path string true Credentials entity ID.
body body CredentialsUpdate false none

Responses

Status Meaning Description Schema
200 OK Set of credentials updated None
404 Not Found Requested credentials not found None
409 Conflict The name specified for credentials is already in use. None
422 Unprocessable Entity Must specify at least one field to update None

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

GET /api/v2/credentials/{credentialId}/associations/

List all objects associated with specified credentials for the current user.

Code samples

# You can also use wget
curl -X GET http://10.97.68.125/api/v2/credentials/{credentialId}/associations/ \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

Parameters

Name In Type Required Description
offset query integer false Number of results to skip.
limit query integer false At most this many results are returned. The default may change without notice.
types query any false Includes only credentials of the specified type. Repeat the parameter for filtering on multiple statuses.
credentialId path string true Credentials entity ID.

Example responses

200 Response

{
  "count": 0,
  "data": [
    {
      "isDefault": true,
      "link": "http://example.com",
      "objectId": "string",
      "objectType": "string"
    }
  ],
  "next": "http://example.com",
  "previous": "http://example.com",
  "totalCount": 0
}

Responses

Status Meaning Description Schema
200 OK Objects associated with the specified credentials for the current user. CredentialsListAssociationsResponse

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

PATCH /api/v2/credentials/{credentialId}/associations/

Add objects associated with credentials

Code samples

# You can also use wget
curl -X PATCH http://10.97.68.125/api/v2/credentials/{credentialId}/associations/ \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer {access-token}'

Body parameter

{
  "credentialsToAdd": [
    {
      "objectId": "string",
      "objectType": "dataconnection"
    }
  ],
  "credentialsToRemove": [
    "string"
  ]
}

Parameters

Name In Type Required Description
credentialId path string true Credentials entity ID.
body body CredentialsAssociationUpdate false none

Responses

Status Meaning Description Schema
200 OK none None
204 No Content Credentials association updated None
404 Not Found Requested credentials not found None
409 Conflict One or more associations already exists when adding or one or more associations do not exist None
422 Unprocessable Entity Must specify a field to update or must specify only one of credentialsToAdd or credentialsToRemove. None

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

PUT /api/v2/credentials/{credentialId}/associations/{associationId}/

Set (create or update) the credentials' association for the given Data Connection for the given session Owner for the given credentials.

Code samples

# You can also use wget
curl -X PUT http://10.97.68.125/api/v2/credentials/{credentialId}/associations/{associationId}/ \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

Body parameter

{
  "isDefault": false
}

Parameters

Name In Type Required Description
credentialId path string true Credentials entity ID.
associationId path string true The compound ID of the data connection. == : Where: of ObjectId type - the ID of the data connection; of string type - the type of data connection from CredentialMappingResourceTypes Enum: dataconnection, batch_prediction_job_definition.
body body SetCredentialsAssociationRequest false none

Example responses

200 Response

{
  "creationDate": "2019-08-24T14:15:22Z",
  "credentialId": "string",
  "credentialType": "adls_gen2_oauth",
  "description": "string",
  "isDefault": true,
  "name": "string",
  "objectId": "string",
  "objectType": "batchPredictionJobDefinition"
}

Responses

Status Meaning Description Schema
200 OK Credentials association was successfully set (created or updated). RetrieveCredentialAssociationResponse
201 Created New credential association was created. None

To perform this operation, you must be authenticated by means of one of the following methods:

BearerAuth

Schemas

CreateCredentialsResponse

{
  "creationDate": "2019-08-24T14:15:22Z",
  "credentialId": "string",
  "credentialType": "adls_gen2_oauth",
  "description": "string",
  "name": "string"
}

Properties

Name Type Required Restrictions Description
creationDate string(date-time) true none ISO-8601 formatted date/time when these credentials were created.
credentialId string true none ID of these credentials.
credentialType string false none Type of credentials.
description string false none Description of these credentials.
name string true none Name of these credentials.

Enumerated Values

Property Value
credentialType adls_gen2_oauth
credentialType azure
credentialType azure_service_principal
credentialType basic
credentialType bearer
credentialType gcp
credentialType oauth
credentialType rsa
credentialType s3
credentialType snowflake_key_pair_user_account
credentialType snowflake_oauth_user_account
credentialType tableau_access_token

CredentialsAssociationUpdate

{
  "credentialsToAdd": [
    {
      "objectId": "string",
      "objectType": "dataconnection"
    }
  ],
  "credentialsToRemove": [
    "string"
  ]
}

Properties

Name Type Required Restrictions Description
credentialsToAdd [CredentialsToAdd] false none Objects to associate with given credentials.
credentialsToRemove [string] false none Object IDs, each of which identifies an object to be disassociated from this credential. To see which objects are currently associated, see the response from GET /api/v2/credentials/{credentialId}/associations/.

CredentialsAssociationsData

{
  "isDefault": true,
  "link": "http://example.com",
  "objectId": "string",
  "objectType": "string"
}

Properties

Name Type Required Restrictions Description
isDefault boolean false none Whether this credential association with the given object is default for given session user.
link string(uri)¦null true none Link to get more details about associated object.
objectId string true none Associated object ID.
objectType string true none Associated object type.

CredentialsBody

{
  "credentialType": "basic",
  "description": "string",
  "name": "string",
  "password": "string",
  "snowflakeAccountName": "string",
  "user": "string"
}

Properties

oneOf

Name Type Required Restrictions Description
anonymous object false none none
» credentialType string false none Credentials type.
» description string false none Credentials description.
» name string true none Credentials name.
» password string true none Password to store for this credentials.
» snowflakeAccountName string false none Snowflake account name.
» user string true none Username to store for this credentials.

xor

Name Type Required Restrictions Description
anonymous object false none none
» credentialType string true none Credentials type.
» description string false none Credentials description.
» name string true none Credentials name.
» refreshToken string true none OAUTH token.
» token string true none OAUTH token.

xor

Name Type Required Restrictions Description
anonymous object false none none
» awsAccessKeyId string false none AWS access key ID.
» awsSecretAccessKey string false none AWS secret access key.
» awsSessionToken string false none AWS session token.
» credentialType string true none Credentials type.
» description string false none Credentials description.
» name string true none Credentials name.

xor

Name Type Required Restrictions Description
anonymous object false none none
» credentialType string true none Credentials type.
» description string false none Credentials description.
» gcpKey GCPKey true none The Google Cloud Platform (GCP) key (applicable for credentialType gcp only).Output is the downloaded JSON resulting from creating a service account User Managed Key (in the IAM & admin > Service accounts section of GCP).
» name string true none Credentials name.

xor

Name Type Required Restrictions Description
anonymous object false none none
» azureConnectionString string true none Azure connection string.
» credentialType string true none Credentials type.
» description string false none Credentials description.
» name string true none Credentials name.

xor

Name Type Required Restrictions Description
anonymous object false none none
» azureTenantId string true none Tenant ID of the Azure AD service principal.
» clientId string true none Client ID of the Azure AD service principal.
» clientSecret string true none Client Secret of the Azure AD service principal.
» credentialType string true none Credentials type.
» description string false none Credentials description.
» name string true none Credentials name.

xor

Name Type Required Restrictions Description
anonymous object false none none
» clientId string false none Snowflake OAUTH client ID.
» clientSecret string false none Snowflake OAUTH client secret.
» credentialType string true none Credentials type.
» description string false none Credentials description.
» name string true none Credentials name.
» oauthConfigId string false none ID of snowflake OAuth configurations shared by admin.
» oauthIssuerType string false none OAuth issuer type.
» oauthIssuerUrl string(uri) false none OAuth issuer URL.
» oauthScopes [string] false none OAuth scopes.
» snowflakeAccountName string false none Snowflake account name.

xor

Name Type Required Restrictions Description
anonymous object false none none
» clientId string true none ADLS Gen2 OAuth client ID.
» clientSecret string true none ADLS Gen2 OAuth client secret.
» credentialType string true none Credentials type.
» description string false none Credentials description.
» name string true none Credentials name.
» oauthScopes [string] true none ADLS Gen2 OAuth scopes.

xor

Name Type Required Restrictions Description
anonymous object false none none
» credentialType string true none Credentials type.
» description string false none Credentials description.
» name string true none Credentials name.
» personalAccessToken string true none Tableau personal access token.
» tokenName string true none Tableau token name.

xor

Name Type Required Restrictions Description
anonymous object false none none
» credentialType string true none Credentials type.
» description string false none Credentials description.
» name string true none Credentials name.
» passphrase string false none Optional passphrase to encrypt private key.
» privateKeyStr string true none Private key for key pair authentication.
» user string true none Username for this credential.

Enumerated Values

Property Value
credentialType basic
credentialType oauth
credentialType s3
credentialType gcp
credentialType azure
credentialType azure_service_principal
credentialType snowflake_oauth_user_account
oauthIssuerType azure
oauthIssuerType okta
oauthIssuerType snowflake
credentialType adls_gen2_oauth
credentialType tableau_access_token
credentialType snowflake_key_pair_user_account

CredentialsListAssociationsResponse

{
  "count": 0,
  "data": [
    {
      "isDefault": true,
      "link": "http://example.com",
      "objectId": "string",
      "objectType": "string"
    }
  ],
  "next": "http://example.com",
  "previous": "http://example.com",
  "totalCount": 0
}

Properties

Name Type Required Restrictions Description
count integer false none Number of items returned on this page.
data [CredentialsAssociationsData] true none Objects associated with the specified credentials.
next string(uri)¦null true none URL pointing to the next page (if null, there is no next page).
previous string(uri)¦null true none URL pointing to the previous page (if null, there is no previous page).
totalCount integer true none The total number of items across all pages.

CredentialsListResponse

{
  "count": 0,
  "data": [
    {
      "creationDate": "2019-08-24T14:15:22Z",
      "credentialId": "string",
      "credentialType": "adls_gen2_oauth",
      "description": "string",
      "name": "string"
    }
  ],
  "next": "http://example.com",
  "previous": "http://example.com",
  "totalCount": 0
}

Properties

Name Type Required Restrictions Description
count integer false none Number of items returned on this page.
data [CreateCredentialsResponse] true none List of credentials.
next string(uri)¦null true none URL pointing to the next page (if null, there is no next page).
previous string(uri)¦null true none URL pointing to the previous page (if null, there is no previous page).
totalCount integer true none The total number of items across all pages.

CredentialsToAdd

{
  "objectId": "string",
  "objectType": "dataconnection"
}

Properties

Name Type Required Restrictions Description
objectId string true none Object ID identifying the object to be associated with the credentials.
objectType string true none Type of object associated with the credentials.

Enumerated Values

Property Value
objectType dataconnection

CredentialsUpdate

{
  "awsAccessKeyId": "string",
  "awsSecretAccessKey": "string",
  "awsSessionToken": "string",
  "azureConnectionString": "string",
  "azureTenantId": "string",
  "clientId": "string",
  "clientSecret": "string",
  "description": "string",
  "gcpKey": {
    "authProviderX509CertUrl": "http://example.com",
    "authUri": "http://example.com",
    "clientEmail": "string",
    "clientId": "string",
    "clientX509CertUrl": "http://example.com",
    "privateKey": "string",
    "privateKeyId": "string",
    "projectId": "string",
    "tokenUri": "http://example.com",
    "type": "service_account"
  },
  "name": "string",
  "oauthConfigId": "string",
  "oauthIssuerType": "azure",
  "oauthIssuerUrl": "http://example.com",
  "oauthScopes": [
    "string"
  ],
  "passphrase": "string",
  "password": "string",
  "personalAccessToken": "string",
  "privateKeyStr": "string",
  "refreshToken": "string",
  "snowflakeAccountName": "string",
  "token": "string",
  "tokenName": "string",
  "user": "string"
}

Properties

Name Type Required Restrictions Description
awsAccessKeyId string false none AWS access key ID (applicable for credentialType s3 only).
awsSecretAccessKey string false none The AWS secret access key (applicable for credentialType s3 only).
awsSessionToken string false none The AWS session token (applicable for credentialType s3 only).
azureConnectionString string false none Azure connection string (applicable for credentialType azure only).
azureTenantId string false none Tenant ID of the Azure AD service principal (applicable for credentialType azure_service_principal only).
clientId string false none Snowflake OAUTH client ID (applicable for credentialType snowflake_oauth_user_account only).
clientSecret string false none Snowflake OAUTH client secret (applicable for credentialType snowflake_oauth_user_account only).
description string false none Description of credentials. If omitted, and name is not omitted, clears any previous description for that name.
gcpKey GCPKey false none The Google Cloud Platform (GCP) key (applicable for credentialType gcp only).Output is the downloaded JSON resulting from creating a service account User Managed Key (in the IAM & admin > Service accounts section of GCP).
name string false none Name of credentials.
oauthConfigId string false none ID of snowflake OAuth configurations shared by admin.
oauthIssuerType string false none Snowflake IDP issuer type (applicable for credentialType snowflake_oauth_user_account only).
oauthIssuerUrl string(uri) false none Snowflake External IDP issuer URL (applicable for Snowflake External OAUTH connections only).
oauthScopes [string] false none Snowflake External OAUTH scopes (applicable for Snowflake External OAUTH connections only).
passphrase string false none Optional passphrase to encrypt private key.(applicable for credentialType snowflake_key_pair_user_account only).
password string false none Password to update for this set of credentials (applicable for credentialType basic only).
personalAccessToken string false none Tableau personal access token (PAT)(applicable for Tableau AUTH connections only).
privateKeyStr string false none Private key for key pair authentication.(applicable for credentialType snowflake_key_pair_user_account only).
refreshToken string false none OAUTH refresh token (applicable for credentialType oauth only).
snowflakeAccountName string false none Snowflake account name (applicable for snowflake_oauth_user_account only).
token string false none OAUTH token (applicable for credentialType oauth only).
tokenName string false none Tableau token name(applicable for Tableau AUTH connections only).
user string false none Username to update for this set of credentials (applicable for credentialType basic and snowflake_key_pair_user_account only).

Enumerated Values

Property Value
oauthIssuerType azure
oauthIssuerType okta
oauthIssuerType snowflake

GCPKey

{
  "authProviderX509CertUrl": "http://example.com",
  "authUri": "http://example.com",
  "clientEmail": "string",
  "clientId": "string",
  "clientX509CertUrl": "http://example.com",
  "privateKey": "string",
  "privateKeyId": "string",
  "projectId": "string",
  "tokenUri": "http://example.com",
  "type": "service_account"
}

Properties

Name Type Required Restrictions Description
authProviderX509CertUrl string(uri) false none Auth provider X509 certificate URL.
authUri string(uri) false none Auth URI.
clientEmail string false none Client email address.
clientId string false none Client ID.
clientX509CertUrl string(uri) false none Client X509 certificate URL.
privateKey string false none Private key.
privateKeyId string false none Private key ID
projectId string false none Project ID.
tokenUri string(uri) false none Token URI.
type string true none GCP account type.

Enumerated Values

Property Value
type service_account

ListCredentialsAssociationsResponse

{
  "count": 0,
  "data": [
    {
      "creationDate": "2019-08-24T14:15:22Z",
      "credentialId": "string",
      "credentialType": "adls_gen2_oauth",
      "description": "string",
      "isDefault": true,
      "name": "string",
      "objectId": "string",
      "objectType": "batchPredictionJobDefinition"
    }
  ],
  "next": "http://example.com",
  "previous": "http://example.com",
  "totalCount": 0
}

Properties

Name Type Required Restrictions Description
count integer false none Number of items returned on this page.
data [RetrieveCredentialAssociationResponse] true none List of credentials associations.
next string(uri)¦null true none URL pointing to the next page (if null, there is no next page).
previous string(uri)¦null true none URL pointing to the previous page (if null, there is no previous page).
totalCount integer true none The total number of items across all pages.

RetrieveCredentialAssociationResponse

{
  "creationDate": "2019-08-24T14:15:22Z",
  "credentialId": "string",
  "credentialType": "adls_gen2_oauth",
  "description": "string",
  "isDefault": true,
  "name": "string",
  "objectId": "string",
  "objectType": "batchPredictionJobDefinition"
}

Properties

Name Type Required Restrictions Description
creationDate string(date-time) true none ISO-8601 formatted date/time when these credentials were created.
credentialId string true none ID of these credentials.
credentialType string false none Type of credentials.
description string false none Description of these credentials.
isDefault boolean false none Whether this credential association with the given object is default for given session user.
name string true none Name of these credentials.
objectId string true none Associated object ID.
objectType string true none Associated object type.

Enumerated Values

Property Value
credentialType adls_gen2_oauth
credentialType azure
credentialType azure_service_principal
credentialType basic
credentialType bearer
credentialType gcp
credentialType oauth
credentialType rsa
credentialType s3
credentialType snowflake_key_pair_user_account
credentialType snowflake_oauth_user_account
credentialType tableau_access_token
objectType batchPredictionJobDefinition
objectType dataconnection

SetCredentialsAssociationRequest

{
  "isDefault": false
}

Properties

Name Type Required Restrictions Description
isDefault boolean false none Whether this credentials' association with the given object is default for given session user.

Updated March 22, 2023
Back to top