Credential Store API

Use the following information to create credentials through the API and use them in integrations.

The Credential Store APIs use the config service and its http endpoints. The major difference between the Credential Store API and the other APIs is that the Credential Store encrypts data at rest and never returns it in plain text.

Types of Credentials

These are the credential types used in Moogsoft Cloud and how they are mapped:

Type

Value

Integration Type

AWS IAM

aws_credential

Cloudwatch Integration

Azure App Insights

azure_appinsights_credential

Azure App Insights cloud-to-cloud integration

Bearer Token

bearer_credential

Webhooks

Basic Auth

basic_credential

Webhooks

Datadog

datadog_credential

Datadog Integration

MongoDB

mongodb_credential

Collector Plugin

MySQL

mysql_credential

Collector Plugin

PagerDuty

pagerduty_credential

Pagerduty Integration

Redis

redis_credential

Collector Plugin

Create a credential

HTTP method POST
Base URL: https://api.moogsoft.ai/v1/config
URL Params:

{"attributes":{"token:"<token_value>"},"tenant":<my_tenant>","component":"bearer_credential","owner":"test token","encrypt":true} 

Important items to note:

  • component must map to a value in the table above so it can be referenced by different integrations
  • Fields under attributes vary, depending on the type of credential being created
  • owner is set to the name of the credential
  • tenant is the name of your Moogsoft Cloud tenant

Update an existing credential

Updating a credential works the same way as creating one, except you replace the POST method with PATCH.

Retrieve a credential

HTTP method GET
Base URL: https://api.moogsoft.ai/v2/config/search
URL Params:

tenant<my_tenant>&limit=1&component=bearer_credential&owner=test+token&encrypt=true&fuzzy=true

Important
encrypt=true must be set otherwise credentials are not returned. Failure to set encrypt=true causes an empty list of configs to be returned (although not an API error as might be expected).

API Response

{"status":"success","data":[{"tenant":"<my_tenant>","component":"bearer_credential","owner":"test token","token":"********","created_by":"[email protected]"}]}

Notice that, in the API response, token is set to **** so never returns as plain text.

Assign a credential to an integration

After you create a bearer token as shown above, you can then assign it to a webhook.

When using an API to create an outbound webhook integration, add a section to the payload as follows:

Credentials: { type: “BEARER”, name: “test token” } 

This enables that webhook integration to reuse that credential.