List Credentials
Path Parameters
Response
Errors
Add Credential
Path Parameters
Request Body
For
kind: "ip":
value must be a valid IPv4/IPv6 address or CIDR range. The stored data object also carries a notes string (empty unless set via the client’s ip_address dual-write path), so credential responses for kind: "ip" return data as { "value": ..., "notes": ... }.
For kind: "mtls_thumbprint" — issue a new certificate:
reveal field. The private key is never stored.
For kind: "mtls_thumbprint" — register an existing certificate:
sha256_thumbprint must be a SHA-256 hex digest. Non-hex characters are stripped before validation, and the remaining string must be exactly 64 hex characters or the request fails with 400 validation_error (data.sha256_thumbprint must be a SHA-256 hex digest (64 hex chars).).
Response
mtls_thumbprint with mode: "issue", the response also includes a one-time reveal field: