Skip to main content
POST
/
api
/
v1
/
service_principals
/
{service_principal_id}
/
credentials
CreateCredential
package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.Principal.CreateCredential(ctx, operations.C1APIServicePrincipalV1ServicePrincipalServiceCreateCredentialRequest{
        ServicePrincipalID: "<id>",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.ServicePrincipalServiceCreateCredentialResponse != nil {
        // handle response
    }
}
{
  "clientSecret": "<string>",
  "credential": {
    "allowSourceCidrs": [
      "<string>"
    ],
    "clientId": "<string>",
    "createdAt": "2023-11-07T05:31:56Z",
    "displayName": "<string>",
    "expiresAt": "2023-11-07T05:31:56Z",
    "id": "<string>",
    "lastUsedAt": "2023-11-07T05:31:56Z",
    "requireDpop": true,
    "scopedRoleIds": [
      "<string>"
    ],
    "servicePrincipalId": "<string>"
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Path Parameters

service_principal_id
string
required

The service principal ID to create the credential for.

Body

application/json

The ServicePrincipalServiceCreateCredentialRequest message.

allowSourceCidrs
string[] | null

A list of CIDRs to restrict this credential to. Accepts IPv4 (e.g. 10.0.0.0/24) or IPv6 (e.g. 2001:db8::/32) CIDRs.

displayName
string

The display name for the new credential.

expires
string<duration>
requireDpop
boolean

If true, requires DPoP proof-of-possession for token exchange using this credential.

scopedRoles
string[] | null

The list of roles to restrict the credential to.

Response

200 - application/json

Successful response

The ServicePrincipalServiceCreateCredentialResponse message.

clientSecret
string

The client secret. Shown exactly once at creation -- cannot be retrieved again.

credential
Service Principal Credential · object

ServicePrincipalCredential represents a client credential for a service principal.