Post vaultcredential requests
Authorizations
JWT Bearer token obtained from authentication. Pass as: Authorization: Bearer
Body
Input for creating a human-in-the-loop credential request — the secret is never passed as a tool argument; a human supplies it out-of-band.
Type of credential the human is asked to provide
login, secure_note, card, identity, oauth_token, api_key, certificate Display name for the credential to be created
1Human-readable explanation of why the credential is needed, shown to the owner
1Agent identifier. Optional when using an agent API key (resolved automatically); required when using a master key.
^[0-9a-z]+$Request TTL in seconds (60-3600, default 900 = 15 minutes)
60 <= x <= 3600The MCP layer sets this true ONLY on the no-elicitation fallback path; the api emails the fillUrl to the org owner iff true.
Response
OK
Created credential request — carries the fill URL and pending status, or a synchronously resolved reference
Unique credential request identifier
Token-gated URL where the human submits the secret (fallback / URL-mode path)
Current request status
PENDING, FULFILLED, EXPIRED, DECLINED, CANCELLED When the request expires and the fill URL stops working
Whether the fill URL was emailed to the agent owner (false if no humanEmail is set)
Resolved vault credential ID when the inline path fulfills synchronously; null otherwise
