Credential Store API

Use the following information to create credentials through the API and use them in integrations.

The Credential Store APIs use the config service and its http endpoints. The major difference between the Credential Store API and the other APIs is that the Credential Store encrypts data at rest and never returns it in plain text.

Types of Credentials

These are the credential types used in Moogsoft Cloud and how they are mapped:

TypeValueIntegration Type
AWS IAMaws_credentialCloudwatch Integration
Azure App Insightsazure_appinsights_credentialAzure App Insights cloud-to-cloud integration
Bearer Tokenbearer_credentialWebhooks
Basic Authbasic_credentialWebhooks
Datadogdatadog_credentialDatadog Integration
MongoDBmongodb_credentialCollector Plugin
MySQLmysql_credentialCollector Plugin
PagerDutypagerduty_credentialPagerduty Integration
Redisredis_credentialCollector Plugin

Create a credential

HTTP method POST
Base URL:
URL Params:

{"attributes":{"token:"<token_value>"},"tenant":<my_tenant>","component":"bearer_credential","owner":"test token","encrypt":true} 

Important items to note:

  • component must map to a value in the table above so it can be referenced by different integrations
  • Fields under attributes vary, depending on the type of credential being created
  • owner is set to the name of the credential
  • tenant is the name of your Moogsoft Cloud tenant

Update an existing credential

Updating a credential works the same way as creating one, except you replace the POST method with PATCH.

Retrieve a credential

HTTP method GET
Base URL:
URL Params:


encrypt=true must be set otherwise credentials are not returned. Failure to set encrypt=true causes an empty list of configs to be returned (although not an API error as might be expected).

API Response

{"status":"success","data":[{"tenant":"<my_tenant>","component":"bearer_credential","owner":"test token","token":"********","created_by":"[email protected]"}]}

Notice that, in the API response, token is set to **** so never returns as plain text.

Assign a credential to an integration

After you create a bearer token as shown above, you can then assign it to a webhook.

When using an API to create an outbound webhook integration, add a section to the payload as follows:

Credentials: { type: “BEARER”, name: “test token” } 

This enables that webhook integration to reuse that credential.