> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://help.sigmacomputing.com/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://help.sigmacomputing.com/_mcp/server.

# Create an API credential

POST https://api.sigmacomputing.com/v2/api-credentials
Content-Type: application/json

This endpoint creates a new API credential for use with API connectors and the **Call API** action in Sigma. For more information on API credentials, see [Configure API credentials and connectors in Sigma](https://help.sigmacomputing.com/docs/configure-api-credentials-and-connectors-in-sigma).

### Usage notes
- The user making this request must be assigned an account type with the **Manage API connectors** permission enabled.
- The `allowlist` parameter is required and must contain at least one hostname glob pattern. Use `["*"]` to allow the credential to be used against any host.
- The following authentication methods are supported: `basic`, `bearer`, `apiKey`, `oAuthClientCredentials`, `oAuthAuthorizationCode`, `oAuthPasswordCredentials`, `awsSigV4`.
- Secret fields are encrypted at rest and are never returned in subsequent read responses.

### Usage scenarios
- **Credential provisioning:** Automate credential creation as part of environment setup or onboarding.
- **Multi-service authentication:** Create separate credentials for each external service, with allowlists scoped to only that service's domains.

Reference: https://help.sigmacomputing.com/reference/create-api-credential

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: sigma-rest-api
  version: 1.0.0
paths:
  /v2/api-credentials:
    post:
      operationId: createApiCredential
      summary: Create an API credential
      description: >-
        This endpoint creates a new API credential for use with API connectors
        and the **Call API** action in Sigma. For more information on API
        credentials, see [Configure API credentials and connectors in
        Sigma](https://help.sigmacomputing.com/docs/configure-api-credentials-and-connectors-in-sigma).


        ### Usage notes

        - The user making this request must be assigned an account type with the
        **Manage API connectors** permission enabled.

        - The `allowlist` parameter is required and must contain at least one
        hostname glob pattern. Use `["*"]` to allow the credential to be used
        against any host.

        - The following authentication methods are supported: `basic`, `bearer`,
        `apiKey`, `oAuthClientCredentials`, `oAuthAuthorizationCode`,
        `oAuthPasswordCredentials`, `awsSigV4`.

        - Secret fields are encrypted at rest and are never returned in
        subsequent read responses.


        ### Usage scenarios

        - **Credential provisioning:** Automate credential creation as part of
        environment setup or onboarding.

        - **Multi-service authentication:** Create separate credentials for each
        external service, with allowlists scoped to only that service's domains.
      tags:
        - apiCredentials
      parameters:
        - name: Authorization
          in: header
          description: OAuth authentication
          required: true
          schema:
            type: string
      responses:
        '200':
          description: The response body.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/api-credentials_createApiCredential_Response_200
      requestBody:
        description: The request body.
        content:
          application/json:
            schema:
              type: object
              properties:
                name:
                  type: string
                  description: Display name of the credential.
                allowlist:
                  type: array
                  items:
                    type: string
                  description: >-
                    Hostname glob patterns the credential may be used against
                    (e.g. `["*.example.com"]`). Required and must not be empty;
                    use `["*"]` to allow every host.
                credential:
                  $ref: >-
                    #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential
                description:
                  type: string
                  description: Human-readable description.
              required:
                - name
                - allowlist
                - credential
servers:
  - url: https://api.sigmacomputing.com
    description: Server for GCP (US) hosted organizations
  - url: https://api.sa.gcp.sigmacomputing.com
    description: Server for GCP (KSA) hosted organizations
  - url: https://aws-api.sigmacomputing.com
    description: Server for AWS US (West) hosted organizations
  - url: https://api.us-a.aws.sigmacomputing.com
    description: Server for AWS US (East) hosted organizations
  - url: https://api.ca.aws.sigmacomputing.com
    description: Server for AWS Canada hosted organizations
  - url: https://api.eu.aws.sigmacomputing.com
    description: Server for AWS Europe hosted organizations
  - url: https://api.au.aws.sigmacomputing.com
    description: Server for AWS Australia and APAC hosted organizations
  - url: https://api.uk.aws.sigmacomputing.com
    description: Server for AWS UK hosted organizations
  - url: https://api.us.azure.sigmacomputing.com
    description: Server for Azure US hosted organizations
  - url: https://api.eu.azure.sigmacomputing.com
    description: Server for Azure Europe hosted organizations
  - url: https://api.ca.azure.sigmacomputing.com
    description: Server for Azure Canada hosted organizations
  - url: https://api.uk.azure.sigmacomputing.com
    description: Server for Azure United Kingdom hosted organizations
  - url: https://api.au.azure.sigmacomputing.com
    description: Server for Azure Australia hosted organizations
components:
  schemas:
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf0AuthMethod:
      type: string
      enum:
        - basic
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf0AuthMethod
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf0Basic:
      type: object
      properties:
        username:
          type: string
          description: Username for Basic authentication.
        password:
          type: string
          description: >-
            Password for Basic authentication. Encrypted at rest; never returned
            in responses.
      required:
        - username
        - password
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf0Basic
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential0:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf0AuthMethod
        basic:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf0Basic
      required:
        - authMethod
        - basic
      title: V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential0
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf1AuthMethod:
      type: string
      enum:
        - bearer
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf1AuthMethod
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf1Bearer:
      type: object
      properties:
        token:
          type: string
          description: Bearer token. Encrypted at rest; never returned in responses.
      required:
        - token
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf1Bearer
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential1:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf1AuthMethod
        bearer:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf1Bearer
      required:
        - authMethod
        - bearer
      title: V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential1
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf2AuthMethod:
      type: string
      enum:
        - apiKey
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf2AuthMethod
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf2ApiKey:
      type: object
      properties:
        key:
          type: string
          description: Header or query parameter name carrying the API key.
        value:
          type: string
          description: API key value. Encrypted at rest; never returned in responses.
        isQueryParam:
          type: boolean
          description: >-
            Whether the key is sent as a query parameter; if false, it is sent
            as a header.
      required:
        - key
        - value
        - isQueryParam
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf2ApiKey
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential2:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf2AuthMethod
        apiKey:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf2ApiKey
      required:
        - authMethod
        - apiKey
      title: V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential2
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf3AuthMethod:
      type: string
      enum:
        - oAuthClientCredentials
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf3AuthMethod
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod:
      type: string
      enum:
        - httpBasic
        - requestBody
      description: How client credentials are presented to the token endpoint.
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials:
      type: object
      properties:
        clientId:
          type: string
          description: OAuth client ID.
        clientSecret:
          type: string
          description: OAuth client secret. Encrypted at rest; never returned in responses.
        accessTokenUrl:
          type: string
          description: OAuth token endpoint URL.
        scopes:
          type: array
          items:
            type: string
          description: OAuth scopes requested at token exchange.
        accessTokenAuthMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod
          description: How client credentials are presented to the token endpoint.
      required:
        - clientId
        - clientSecret
        - accessTokenUrl
        - scopes
        - accessTokenAuthMethod
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential3:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf3AuthMethod
        oAuthClientCredentials:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials
      required:
        - authMethod
        - oAuthClientCredentials
      title: V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential3
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AuthMethod:
      type: string
      enum:
        - awsSigV4
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AuthMethod
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsResponseMapping:
      type: object
      properties:
        accessKeyField:
          type: string
        secretKeyField:
          type: string
        sessionTokenField:
          type: string
        expirationField:
          type: string
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsResponseMapping
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn:
      type: string
      enum:
        - queryParam
        - body
        - header
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItems:
      type: object
      properties:
        key:
          type: string
        value:
          type: string
        sendIn:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn
      required:
        - key
        - value
        - sendIn
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItems
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4:
      type: object
      properties:
        accessKeyId:
          type: string
          description: AWS access key ID.
        secretAccessKey:
          type: string
          description: >-
            AWS secret access key. Encrypted at rest; never returned in
            responses.
        region:
          type: string
          description: AWS region for SigV4 signing.
        service:
          type: string
          description: AWS service name for SigV4 signing (e.g. `s3`, `execute-api`).
        sessionToken:
          type: string
          description: AWS STS session token for temporary credentials.
        temporaryCredentialsUrl:
          type: string
          description: URL that vends temporary credentials (e.g. STS AssumeRole endpoint).
        temporaryCredentialsResponseMapping:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsResponseMapping
        temporaryCredentialsRequestParams:
          type: array
          items:
            $ref: >-
              #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4TemporaryCredentialsRequestParamsItems
          description: >-
            Additional key/value parameters attached to the
            temporary-credentials swap request. Each entry specifies whether it
            is sent as a request header, body field, or query parameter
            (`sendIn`: `header` | `body` | `queryParam`). Use this when the swap
            endpoint requires its own authentication (for example, an
            `x-api-key` header).
      required:
        - accessKeyId
        - secretAccessKey
      title: >-
        V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential4:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AuthMethod
        awsSigV4:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredentialOneOf4AwsSigV4
      required:
        - authMethod
        - awsSigV4
      title: V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential4
    V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential:
      oneOf:
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential0
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential1
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential2
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential3
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential4
      title: V2ApiCredentialsPostRequestBodyContentApplicationJsonSchemaCredential
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaAuthMethod:
      type: string
      enum:
        - basic
        - bearer
        - apiKey
        - oAuthClientCredentials
        - oAuthAuthorizationCode
        - oAuthPasswordCredentials
        - awsSigV4
      description: Authentication method the credential uses.
      title: V2ApiCredentialsPostResponsesContentApplicationJsonSchemaAuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf0AuthMethod:
      type: string
      enum:
        - basic
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf0AuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf0Basic:
      type: object
      properties:
        username:
          type: string
          description: Username for Basic authentication.
      required:
        - username
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf0Basic
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential0:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf0AuthMethod
        basic:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf0Basic
      required:
        - authMethod
      title: V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential0
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf1AuthMethod:
      type: string
      enum:
        - bearer
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf1AuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential1:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf1AuthMethod
      required:
        - authMethod
      title: V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential1
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf2AuthMethod:
      type: string
      enum:
        - apiKey
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf2AuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf2ApiKey:
      type: object
      properties:
        key:
          type: string
          description: Header or query parameter name carrying the API key.
        isQueryParam:
          type: boolean
          description: >-
            Whether the key is sent as a query parameter; if false, it is sent
            as a header.
      required:
        - key
        - isQueryParam
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf2ApiKey
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential2:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf2AuthMethod
        apiKey:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf2ApiKey
      required:
        - authMethod
      title: V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential2
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf3AuthMethod:
      type: string
      enum:
        - oAuthClientCredentials
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf3AuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod:
      type: string
      enum:
        - httpBasic
        - requestBody
      description: How client credentials are presented to the token endpoint.
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials:
      type: object
      properties:
        clientId:
          type: string
          description: OAuth client ID.
        accessTokenUrl:
          type: string
          description: OAuth token endpoint URL.
        scopes:
          type: array
          items:
            type: string
          description: OAuth scopes requested at token exchange.
        accessTokenAuthMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentialsAccessTokenAuthMethod
          description: How client credentials are presented to the token endpoint.
      required:
        - clientId
        - accessTokenUrl
        - scopes
        - accessTokenAuthMethod
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential3:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf3AuthMethod
        oAuthClientCredentials:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf3OAuthClientCredentials
      required:
        - authMethod
      title: V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential3
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf4AuthMethod:
      type: string
      enum:
        - oAuthAuthorizationCode
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf4AuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCodeAccessTokenAuthMethod:
      type: string
      enum:
        - httpBasic
        - requestBody
      description: How client credentials are presented to the token endpoint.
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCodeAccessTokenAuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCode:
      type: object
      properties:
        clientId:
          type: string
          description: OAuth client ID.
        authorizationUrl:
          type: string
          description: OAuth authorization endpoint URL.
        accessTokenUrl:
          type: string
          description: OAuth token endpoint URL.
        scopes:
          type: array
          items:
            type: string
          description: OAuth scopes.
        accessTokenAuthMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCodeAccessTokenAuthMethod
          description: How client credentials are presented to the token endpoint.
      required:
        - clientId
        - authorizationUrl
        - accessTokenUrl
        - scopes
        - accessTokenAuthMethod
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCode
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential4:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf4AuthMethod
        oAuthAuthorizationCode:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf4OAuthAuthorizationCode
      required:
        - authMethod
      title: V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential4
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf5AuthMethod:
      type: string
      enum:
        - oAuthPasswordCredentials
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf5AuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentialsAccessTokenAuthMethod:
      type: string
      enum:
        - httpBasic
        - requestBody
      description: How client credentials are presented to the token endpoint.
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentialsAccessTokenAuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentials:
      type: object
      properties:
        username:
          type: string
          description: OAuth resource-owner username.
        accessTokenUrl:
          type: string
          description: OAuth token endpoint URL.
        scopes:
          type: array
          items:
            type: string
          description: OAuth scopes.
        accessTokenAuthMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentialsAccessTokenAuthMethod
          description: How client credentials are presented to the token endpoint.
        clientId:
          type: string
          description: OAuth client ID.
      required:
        - username
        - accessTokenUrl
        - scopes
        - accessTokenAuthMethod
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentials
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential5:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf5AuthMethod
        oAuthPasswordCredentials:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf5OAuthPasswordCredentials
      required:
        - authMethod
      title: V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential5
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AuthMethod:
      type: string
      enum:
        - awsSigV4
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AuthMethod
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsResponseMapping:
      type: object
      properties:
        accessKeyField:
          type: string
        secretKeyField:
          type: string
        sessionTokenField:
          type: string
        expirationField:
          type: string
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsResponseMapping
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn:
      type: string
      enum:
        - queryParam
        - body
        - header
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItems:
      type: object
      properties:
        key:
          type: string
        value:
          type: string
        sendIn:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItemsSendIn
      required:
        - key
        - value
        - sendIn
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItems
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4:
      type: object
      properties:
        accessKeyId:
          type: string
          description: AWS access key ID.
        region:
          type: string
          description: AWS region for SigV4 signing.
        service:
          type: string
          description: AWS service name for SigV4 signing (e.g. `s3`, `execute-api`).
        temporaryCredentialsUrl:
          type: string
          description: URL that vends temporary credentials (e.g. STS AssumeRole endpoint).
        temporaryCredentialsResponseMapping:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsResponseMapping
        temporaryCredentialsRequestParams:
          type: array
          items:
            $ref: >-
              #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4TemporaryCredentialsRequestParamsItems
          description: >-
            Additional parameters sent on the temporary-credentials swap
            request, each tagged with `sendIn` (`header` | `body` |
            `queryParam`).
      required:
        - accessKeyId
      title: >-
        V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential6:
      type: object
      properties:
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AuthMethod
        awsSigV4:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredentialOneOf6AwsSigV4
      required:
        - authMethod
      title: V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential6
    V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential:
      oneOf:
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential0
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential1
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential2
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential3
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential4
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential5
        - $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential6
      description: >-
        Nonsensitive projection of the credential, discriminated by
        `authMethod`. Secret fields (password, token, clientSecret,
        secretAccessKey) are never returned.
      title: V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential
    api-credentials_createApiCredential_Response_200:
      type: object
      properties:
        apiCredentialId:
          type: string
          description: Unique identifier of the API credential.
        name:
          type: string
          description: Display name of the credential.
        authMethod:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaAuthMethod
          description: Authentication method the credential uses.
        allowlist:
          type: array
          items:
            type: string
          description: >-
            Hostname glob patterns (e.g. `*.example.com`) that the credential is
            authorized to be used against.
        credential:
          $ref: >-
            #/components/schemas/V2ApiCredentialsPostResponsesContentApplicationJsonSchemaCredential
          description: >-
            Nonsensitive projection of the credential, discriminated by
            `authMethod`. Secret fields (password, token, clientSecret,
            secretAccessKey) are never returned.
        createdBy:
          type: string
          description: The identifier of the user who created this object.
        updatedBy:
          type: string
          description: The identifier of the user or process that last updated this object.
        createdAt:
          type: string
          format: date-time
          description: When the object was created.
        updatedAt:
          type: string
          format: date-time
          description: When the object was last updated.
        description:
          type: string
          description: Human-readable description.
      required:
        - apiCredentialId
        - name
        - authMethod
        - allowlist
        - credential
        - createdBy
        - updatedBy
        - createdAt
        - updatedAt
      title: api-credentials_createApiCredential_Response_200
  securitySchemes:
    OAuth:
      type: http
      scheme: bearer
      description: OAuth 2.0 authentication

```

## Examples



**Request**

```json
{
  "name": "string",
  "allowlist": [
    "string"
  ],
  "credential": {
    "authMethod": "basic",
    "basic": {
      "password": "string",
      "username": "string"
    }
  }
}
```

**Response**

```json
{
  "apiCredentialId": "string",
  "name": "string",
  "authMethod": "basic",
  "allowlist": [
    "string"
  ],
  "credential": {
    "authMethod": "basic",
    "basic": {
      "username": "string"
    }
  },
  "createdBy": "string",
  "updatedBy": "string",
  "createdAt": "2024-01-15T09:30:00Z",
  "updatedAt": "2024-01-15T09:30:00Z",
  "description": "string"
}
```

**SDK Code**

```python
import requests

url = "https://api.sigmacomputing.com/v2/api-credentials"

payload = {
    "name": "string",
    "allowlist": ["string"],
    "credential": {
        "authMethod": "basic",
        "basic": {
            "password": "string",
            "username": "string"
        }
    }
}
headers = {
    "Authorization": "<token>.",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
```

```javascript
const url = 'https://api.sigmacomputing.com/v2/api-credentials';
const options = {
  method: 'POST',
  headers: {Authorization: '<token>.', 'Content-Type': 'application/json'},
  body: '{"name":"string","allowlist":["string"],"credential":{"authMethod":"basic","basic":{"password":"string","username":"string"}}}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.sigmacomputing.com/v2/api-credentials"

	payload := strings.NewReader("{\n  \"name\": \"string\",\n  \"allowlist\": [\n    \"string\"\n  ],\n  \"credential\": {\n    \"authMethod\": \"basic\",\n    \"basic\": {\n      \"password\": \"string\",\n      \"username\": \"string\"\n    }\n  }\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Authorization", "<token>.")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby
require 'uri'
require 'net/http'

url = URI("https://api.sigmacomputing.com/v2/api-credentials")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = '<token>.'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"name\": \"string\",\n  \"allowlist\": [\n    \"string\"\n  ],\n  \"credential\": {\n    \"authMethod\": \"basic\",\n    \"basic\": {\n      \"password\": \"string\",\n      \"username\": \"string\"\n    }\n  }\n}"

response = http.request(request)
puts response.read_body
```

```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.sigmacomputing.com/v2/api-credentials")
  .header("Authorization", "<token>.")
  .header("Content-Type", "application/json")
  .body("{\n  \"name\": \"string\",\n  \"allowlist\": [\n    \"string\"\n  ],\n  \"credential\": {\n    \"authMethod\": \"basic\",\n    \"basic\": {\n      \"password\": \"string\",\n      \"username\": \"string\"\n    }\n  }\n}")
  .asString();
```

```php
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.sigmacomputing.com/v2/api-credentials', [
  'body' => '{
  "name": "string",
  "allowlist": [
    "string"
  ],
  "credential": {
    "authMethod": "basic",
    "basic": {
      "password": "string",
      "username": "string"
    }
  }
}',
  'headers' => [
    'Authorization' => '<token>.',
    'Content-Type' => 'application/json',
  ],
]);

echo $response->getBody();
```

```csharp
using RestSharp;

var client = new RestClient("https://api.sigmacomputing.com/v2/api-credentials");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "<token>.");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"name\": \"string\",\n  \"allowlist\": [\n    \"string\"\n  ],\n  \"credential\": {\n    \"authMethod\": \"basic\",\n    \"basic\": {\n      \"password\": \"string\",\n      \"username\": \"string\"\n    }\n  }\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift
import Foundation

let headers = [
  "Authorization": "<token>.",
  "Content-Type": "application/json"
]
let parameters = [
  "name": "string",
  "allowlist": ["string"],
  "credential": [
    "authMethod": "basic",
    "basic": [
      "password": "string",
      "username": "string"
    ]
  ]
] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.sigmacomputing.com/v2/api-credentials")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```