Skip to main content

Credentials API

Manage encrypted API credentials for external service connections.

List connected services

GET /api/credentials

Returns the list of credential keys that have stored credentials (no values).
Response: 
{
  "connectedKeys": ["revenuecat", "sentry", "vercel"]
}

Save credentials

POST /api/credentials

Store encrypted credentials for a service.
Request body: 
{
  "key": "sentry",
  "values": {
    "authToken": "sntrys_...",
    "orgSlug": "my-org"
  }
}

Delete credentials

DELETE /api/credentials

Remove stored credentials for a service.
Request body: 
{
  "key": "sentry"
}

Test credentials

POST /api/credentials/test

Test credentials by making a lightweight API call to the service.
Request body: 
{
  "key": "sentry",
  "values": {
    "authToken": "sntrys_...",
    "orgSlug": "my-org"
  }
}
Response: 
{ "ok": true }
or 
{ "ok": false, "error": "Sentry returned 401" }

OAuth redirect

GET /api/auth/{provider}/redirect

Initiates the OAuth authorization flow. Redirects the user to the provider’s authorization page.
Query params:
  • credKey: The credential store key (e.g., github)
  • scopes: Space-separated OAuth scopes

OAuth callback

GET /api/auth/{provider}/callback

Receives the OAuth authorization code, exchanges it for tokens, and stores them.
Automatically redirects to /settings?oauth=success or /settings?oauth=error.

Import from gws CLI (Google only)

POST /api/auth/gws-import

Import Google OAuth tokens from the @googleworkspace/cli local config.
Response: 
{ "imported": true }