Skip to main content

List/View Credentials

Listing and viewing credentials in Nexla allows you to manage your authentication resources, understand their usage, and ensure proper access control. The system provides both API and CLI methods for credential management.

List All Credentials

Both the Nexla API and the Nexla CLI support methods to list all credentials in the authenticated user's account. Details like ID, name and type are displayed.

API Endpoint

The primary endpoint for listing credentials is:

GET /data_credentials
List All Credentials: Request
GET /data_credentials

Response Structure

The API response includes comprehensive credential information while maintaining security by not exposing sensitive authentication data.

List All Credentials: Response
[
  {
    "id": 5001,
    "owner": {
      "id": 42,
      "full_name": "John Smith"
    },
    "org": {
      "id": 101,
      "name": "Acme Corporation"
    },
    "access_roles": ["owner"],
    "credentials_type": "s3",
    "credentials_version": "1",
    "credentials_enc": "ud2l8XsvD8ysm/YCzPnKUnhfoOFipQ0AY7gUfH7BL53KsSwT9XFJmV4W69flXZgDDF2c9cB9s8GGfFDNGWCWhnPeYj1Y8B02t6iadnJmzzRANIt7W/wr/bWl2AlOwbgeSycXSWfweMu3OOD/yv87U9SFiIxeXlrq8HkivJ2ziFmmgytork9T4w==",
    "credentials_enc_iv": "tUS05ULTGWtJmMk+",
    "updated_at": "2023-01-15T22:15:04.000Z",
    "created_at": "2023-01-15T22:15:04.000Z"
  }
]

Show One Credential

Fetch a specific credential accessible to the authenticated user. The response will contain all the non-secure parts of the credential (like the FTP username) that are helpful to understand the credential context, but will never contain secure sensitive fields (like FTP password).

Single Credential Endpoint

To retrieve a specific credential:

GET /data_credentials/{credential_id}
Show One Credential: Request
GET /data_credentials/5001

Single Credential Response

The response includes detailed credential information while maintaining security by only showing non-sensitive configuration data.

Show One Credential: Response
{
  "id": 5001,
  "owner": {
    "id": 42,
    "full_name": "John Smith"
  },
  "org": {
    "id": 101,
    "name": "Acme Corporation"
  },
  "access_roles": ["owner"],
  "name": "Test API",
  "description": "API credentials for demo service",
  "credentials_type": "rest",
  "credentials_non_secure_data": {
    "auth.type": "NONE",
    "ignore.ssl.cert.validation": false,
    "test.method": "GET",
    "test.content.type": "application/json",
    "jwt.enabled": false,
    "hmac.enabled": false,
    "test.url": "https://demo-api.com/api/info.php?tid=1"
  }
}

Credential Information Fields

The response includes several important fields that help you understand and manage your credentials:

Basic Information

  • id: Unique identifier for the credential
  • name: Descriptive name for the credential
  • description: Optional description of the credential's purpose
  • credentials_type: Type of system the credential authenticates

Security and Access

  • credentials_version: Version of the credential format
  • credentials_enc: Encrypted credential data (never decrypted in responses)
  • credentials_enc_iv: Initialization vector for encryption
  • access_roles: User's access level to this credential

Ownership and Organization

  • owner: User who owns the credential
  • org: Organization the credential belongs to
  • created_at: When the credential was created
  • updated_at: When the credential was last modified

Filtering and Pagination

You can use query parameters to filter and paginate credential results:

Type Filtering

GET /data_credentials?credentials_type=s3
GET /data_credentials?credentials_type=postgres

Pagination

GET /data_credentials?page=1&per_page=50

Search by Tags

POST /data_credentials/search_tags

Credential Security

Credential security is a fundamental aspect of the Nexla platform, ensuring that sensitive authentication information is never exposed in clear text. All credential data is encrypted using industry-standard encryption algorithms and stored securely within the system. The platform implements multiple layers of security including encrypted storage, secure transmission, and strict access controls to protect your authentication credentials.

Encrypted Storage

All sensitive credential data is encrypted using:

  • AES Encryption: Industry-standard encryption algorithm
  • Unique IVs: Each credential has a unique initialization vector
  • Secure Transmission: Credentials are never sent in clear text

Access Control

Credential access is controlled through:

  • Ownership: Only credential owners can view full details
  • Organization Boundaries: Credentials are isolated by organization
  • Team Permissions: Access can be granted to team members

Best Practices

When listing and viewing credentials:

  1. Use Descriptive Names: Choose clear names that identify the purpose
  2. Monitor Usage: Track which resources are using specific credentials
  3. Regular Review: Periodically review credential access and permissions
  4. Secure Access: Ensure only authorized users can view credential details
  5. Document Purpose: Use descriptions to clarify credential usage

After viewing credentials, you may need to perform the following operations:

Test Credentials

PUT /data_credentials/{id}/probe/authenticate

Update Credentials

PUT /data_credentials/{id}

Delete Credentials

DELETE /data_credentials/{id}

View Usage

GET /data_credentials/{id}/usage