> ## Documentation Index
> Fetch the complete documentation index at: https://docs.useanima.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# Post vaultcredential requests



## OpenAPI

````yaml /openapi.json post /vault/credential-requests
openapi: 3.1.1
info:
  title: Anima API
  version: 0.1.0
  description: >-
    The Anima API provides programmatic access to unified infrastructure for AI
    agents: create and manage agents; send and receive email; place phone calls
    and send/receive SMS and voice; store and retrieve vault credentials; manage
    agent identity; and configure webhooks for real-time events. Authenticate
    using a Bearer token or an API key passed via the X-API-Key header.
  contact:
    name: Anima Labs
    url: https://useanima.sh
    email: support@useanima.sh
  license:
    name: MIT
    url: https://opensource.org/licenses/MIT
servers:
  - url: https://api.useanima.sh/v1
    description: Production
security:
  - BearerAuth: []
  - ApiKeyAuth: []
tags:
  - name: Agents
    description: Create and manage AI agents with email and phone capabilities
  - name: Inboxes
    description: Manage email inboxes and their configurations
  - name: Messages
    description: Send, receive, and search email messages
  - name: Webhooks
    description: Register and manage webhook subscriptions for real-time events
  - name: Organizations
    description: Manage organizations and team settings
  - name: Domains
    description: Configure and verify custom email domains
  - name: Phone
    description: Manage phone numbers and SMS/voice capabilities
  - name: Invoices
    description: Track invoices, match receipts, and reconcile payments
  - name: Billing
    description: View usage, tiers, and billing information
  - name: Security
    description: Configure security policies and access controls
  - name: Vault
    description: Store and retrieve encrypted secrets
  - name: API Keys
    description: Create and manage API keys for programmatic access
paths:
  /vault/credential-requests:
    post:
      operationId: vault.credentialRequestCreate
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                agentId:
                  anyOf:
                    - type: string
                      pattern: ^[0-9a-z]+$
                    - type: string
                      pattern: ^[0-9A-HJKMNP-TV-Z]{26}$
                  description: >-
                    Agent identifier. Optional when using an agent API key
                    (resolved automatically); required when using a master key.
                type:
                  enum:
                    - login
                    - secure_note
                    - card
                    - identity
                    - oauth_token
                    - api_key
                    - certificate
                  type: string
                  description: Type of credential the human is asked to provide
                name:
                  type: string
                  minLength: 1
                  description: Display name for the credential to be created
                reason:
                  type: string
                  minLength: 1
                  description: >-
                    Human-readable explanation of why the credential is needed,
                    shown to the owner
                ttlSeconds:
                  default: 900
                  type: integer
                  minimum: 60
                  maximum: 3600
                  description: Request TTL in seconds (60-3600, default 900 = 15 minutes)
                notifyOwner:
                  default: false
                  type: boolean
                  description: >-
                    The MCP layer sets this true ONLY on the no-elicitation
                    fallback path; the api emails the fillUrl to the org owner
                    iff true.
              required:
                - type
                - name
                - reason
              description: >-
                Input for creating a human-in-the-loop credential request — the
                secret is never passed as a tool argument; a human supplies it
                out-of-band.
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                properties:
                  requestId:
                    type: string
                    description: Unique credential request identifier
                  fillUrl:
                    type: string
                    description: >-
                      Token-gated URL where the human submits the secret
                      (fallback / URL-mode path)
                  status:
                    enum:
                      - PENDING
                      - FULFILLED
                      - EXPIRED
                      - DECLINED
                      - CANCELLED
                    type: string
                    description: Current request status
                  expiresAt:
                    type: string
                    format: date-time
                    description: When the request expires and the fill URL stops working
                  emailSent:
                    type: boolean
                    description: >-
                      Whether the fill URL was emailed to the agent owner (false
                      if no humanEmail is set)
                  credentialId:
                    anyOf:
                      - type: string
                      - type: 'null'
                    description: >-
                      Resolved vault credential ID when the inline path fulfills
                      synchronously; null otherwise
                required:
                  - requestId
                  - fillUrl
                  - status
                  - expiresAt
                  - emailSent
                description: >-
                  Created credential request — carries the fill URL and pending
                  status, or a synchronously resolved reference
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT Bearer token obtained from authentication. Pass as: Authorization:
        Bearer <token>
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: 'API key for programmatic access. Pass as: X-API-Key: <your-key>'

````