Create an API credential

View as MarkdownOpen in Claude
This endpoint creates a new API credential for use with API connectors and the **Call API** action in Sigma. For more information on API credentials, see [Configure API credentials and connectors in Sigma](https://help.sigmacomputing.com/docs/configure-api-credentials-and-connectors-in-sigma). ### Usage notes - The user making this request must be assigned an account type with the **Manage API connectors** permission enabled. - The `allowlist` parameter is required and must contain at least one hostname glob pattern. Use `["*"]` to allow the credential to be used against any host. - The following authentication methods are supported: `basic`, `bearer`, `apiKey`, `oAuthClientCredentials`, `oAuthAuthorizationCode`, `oAuthPasswordCredentials`, `awsSigV4`. - Secret fields are encrypted at rest and are never returned in subsequent read responses. ### Usage scenarios - **Credential provisioning:** Automate credential creation as part of environment setup or onboarding. - **Multi-service authentication:** Create separate credentials for each external service, with allowlists scoped to only that service's domains.

Authentication

AuthorizationBearer

OAuth authentication of the form <token>.

Request

The request body.
namestringRequired
Display name of the credential.
allowlistlist of stringsRequired

Hostname glob patterns the credential may be used against (e.g. ["*.example.com"]). Required and must not be empty; use ["*"] to allow every host.

credentialobjectRequired
descriptionstringOptional

Human-readable description.

Response

The response body.
apiCredentialIdstring
Unique identifier of the API credential.
namestring
Display name of the credential.
authMethodenum
Authentication method the credential uses.
allowlistlist of strings

Hostname glob patterns (e.g. *.example.com) that the credential is authorized to be used against.

credentialobject

Nonsensitive projection of the credential, discriminated by authMethod. Secret fields (password, token, clientSecret, secretAccessKey) are never returned.

createdBystring
The identifier of the user who created this object.
updatedBystring
The identifier of the user or process that last updated this object.
createdAtdatetime
When the object was created.
updatedAtdatetime
When the object was last updated.
descriptionstring

Human-readable description.