Create Credential(s)

Create a Credential

Creating credentials in Nexla allows you to securely store authentication information for external systems. These credentials can then be associated with data sources and destinations, providing secure access to your data infrastructure.

Credential Creation Methods

You can create credentials in several ways:

Direct Creation: Use the dedicated credential creation endpoint
Source Creation: Create credentials when setting up data sources
Destination Creation: Create credentials when configuring data destinations

Direct Creation Endpoint

The primary endpoint for creating credentials is:

POST /data_credentials

Required Fields

When creating credentials, you must specify:

name: A descriptive name for the credential
credentials_type: The type of system being authenticated
credentials: The actual authentication data

Nexla API

Create A Credential: Request
POST /data_credentials

{
  "name": "Test S3 Credentials",
  "description": "AWS S3 access for data storage",
  "credentials_type": "s3",
  "credentials": {
    "credentials_type": "s3",
    "access_key_id": "<AWS Access Key>",
    "secret_key": "<AWS Secret Key>"
  }
}

Response Structure

A successful creation returns a complete credential object with all configuration details and metadata.

Nexla API

Create A Credential: Response
{
  "id": 5008,
  "name": "Test S3 Credentials",
  "description": "AWS S3 access for data storage",
  "owner": {
    "id": 42,
    "full_name": "John Smith",
    "email": "john.smith@example.com"
  },
  "org": {
    "id": 101,
    "name": "Acme Corporation",
    "email_domain": "acme.com"
  },
  "access_roles": ["owner"],
  "credentials_type": "s3",
  "credentials_version": "1",
  "credentials_non_secure_data": {
    "bucket": "my-data-bucket",
    "region": "us-east-1"
  },
  "verified_status": null,
  "verified_at": null,
  "updated_at": "2023-01-15T20:24:25.209Z",
  "created_at": "2023-01-15T20:24:25.209Z"
}

Credential Types

Nexla supports various credential types for different systems:

File System Credentials

AWS S3:

{
  "name": "S3 Production Credentials",
  "credentials_type": "s3",
  "credentials": {
    "access_key_id": "<AWS Access Key>",
    "secret_key": "<AWS Secret Key>"
  }
}

Google Cloud Storage:

{
  "name": "GCS Analytics Credentials",
  "credentials_type": "gcs",
  "credentials": {
    "service_account_key": "<Base64 Encoded Key>"
  }
}

Database Credentials

PostgreSQL:

{
  "name": "PostgreSQL Analytics DB",
  "credentials_type": "postgres",
  "credentials": {
    "host": "db.example.com",
    "port": 5432,
    "database": "analytics",
    "username": "analytics_user",
    "password": "<Password>"
  }
}

MySQL:

{
  "name": "MySQL Production DB",
  "credentials_type": "mysql",
  "credentials": {
    "host": "mysql.example.com",
    "port": 3306,
    "database": "production",
    "username": "data_user",
    "password": "<Password>"
  }
}

API Credentials

REST API:

{
  "name": "External API Service",
  "credentials_type": "rest",
  "credentials": {
    "api_key": "<API Key>",
    "base_url": "https://api.example.com"
  }
}

Security Considerations

Encryption

All credential data is automatically encrypted:

AES Encryption: Industry-standard encryption algorithm
Unique IVs: Each credential has a unique initialization vector
Secure Storage: Credentials are never stored in plain text

Access Control

Credential access is controlled through:

Ownership: Only credential owners can view full details
Organization Boundaries: Credentials are isolated by organization
Team Permissions: Access can be granted to team members

Post-Creation Steps

After successfully creating credentials, you should:

Test Connection: Validate that the credentials work correctly
Associate Resources: Connect credentials to data sources or destinations
Monitor Usage: Track which resources are using the credentials
Set Permissions: Configure access rights for team members

Testing Credentials

You can test credential validity using the probe endpoint:

PUT /data_credentials/{credential_id}/probe/authenticate

Best Practices

To ensure secure and effective credential management:

Use Descriptive Names: Choose clear names that identify the purpose and system
Include Descriptions: Add descriptions to clarify credential usage
Test Before Use: Validate credentials before associating with resources
Regular Rotation: Periodically rotate credentials for enhanced security
Monitor Access: Track credential usage and access patterns

Error Handling

Common creation issues and solutions:

Invalid Credential Type: Ensure the credentials_type is supported
Missing Required Fields: Verify all mandatory parameters are provided
Invalid Credential Data: Check that credential format matches the type
Permission Issues: Ensure your account can create credentials

After creating credentials, you may need to:

Test Credentials

PUT /data_credentials/{credential_id}/probe/authenticate

Update Credentials

PUT /data_credentials/{credential_id}

View Credential Details

GET /data_credentials/{credential_id}

Associate with Resources

POST /data_sources
POST /data_sinks

Create a Credential​

Credential Creation Methods​

Direct Creation Endpoint​

Required Fields​

Response Structure​

Credential Types​

File System Credentials​

Database Credentials​

API Credentials​

Security Considerations​

Encryption​

Access Control​

Post-Creation Steps​

Testing Credentials​

Best Practices​

Error Handling​

Related Operations​

Test Credentials​

Update Credentials​

View Credential Details​

Associate with Resources​