Skip to main content
POST
cURL

Authorizations

Authorization
string
header
required

JWT Bearer token obtained from authentication. Pass as: Authorization: Bearer

Path Parameters

id
string
required

Credential ID to broker the call with

Body

application/json

Make an outbound HTTP call with the credential attached server-side. The plaintext secret is never returned — the agent only sees the upstream response.

method
enum<string>
required

HTTP method for the outbound call

Available options:
GET,
POST,
PUT,
PATCH,
DELETE,
HEAD
url
string<uri>
required

Absolute https:// URL. Its host MUST be on the credential's allowlist.

agentId
string

Agent ID (optional when using an agent API key)

headers
object

Extra request headers. Any Authorization / auth header is ignored and replaced by the credential.

body
string

Raw request body (encode JSON yourself).

Response

200 - application/json

OK

The upstream response, scrubbed of the injected credential.

status
integer
required

Upstream HTTP status code

headers
object
required

Upstream response headers

body
string
required

Upstream response body (UTF-8, size-capped)

truncated
boolean
required

True if the response body exceeded the size cap and was cut off