package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.Principal.CreateCredential(ctx, operations.C1APIServicePrincipalV1ServicePrincipalServiceCreateCredentialRequest{
ServicePrincipalID: "<id>",
})
if err != nil {
log.Fatal(err)
}
if res.ServicePrincipalServiceCreateCredentialResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.principal.createCredential({
servicePrincipalId: "<id>",
});
console.log(result);
}
run();curl --request POST \
--url https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"allowSourceCidrs": [
"<string>"
],
"displayName": "<string>",
"expires": "<string>",
"requireDpop": true,
"scopedRoles": [
"<string>"
]
}
'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials"
payload = {
"allowSourceCidrs": ["<string>"],
"displayName": "<string>",
"expires": "<string>",
"requireDpop": True,
"scopedRoles": ["<string>"]
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
allowSourceCidrs: ['<string>'],
displayName: '<string>',
expires: '<string>',
requireDpop: true,
scopedRoles: ['<string>']
})
};
fetch('https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'allowSourceCidrs' => [
'<string>'
],
'displayName' => '<string>',
'expires' => '<string>',
'requireDpop' => true,
'scopedRoles' => [
'<string>'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.post("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"allowSourceCidrs\": [\n \"<string>\"\n ],\n \"displayName\": \"<string>\",\n \"expires\": \"<string>\",\n \"requireDpop\": true,\n \"scopedRoles\": [\n \"<string>\"\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"allowSourceCidrs\": [\n \"<string>\"\n ],\n \"displayName\": \"<string>\",\n \"expires\": \"<string>\",\n \"requireDpop\": true,\n \"scopedRoles\": [\n \"<string>\"\n ]\n}"
response = http.request(request)
puts response.read_body{
"clientSecret": "<string>",
"credential": {
"allowSourceCidrs": [
"<string>"
],
"clientId": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"displayName": "<string>",
"expiresAt": "2023-11-07T05:31:56Z",
"id": "<string>",
"lastUsedAt": "2023-11-07T05:31:56Z",
"requireDpop": true,
"scopedRoleIds": [
"<string>"
],
"servicePrincipalId": "<string>"
}
}Create Credential
CreateCredential creates a new client credential for a service principal.
package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.Principal.CreateCredential(ctx, operations.C1APIServicePrincipalV1ServicePrincipalServiceCreateCredentialRequest{
ServicePrincipalID: "<id>",
})
if err != nil {
log.Fatal(err)
}
if res.ServicePrincipalServiceCreateCredentialResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.principal.createCredential({
servicePrincipalId: "<id>",
});
console.log(result);
}
run();curl --request POST \
--url https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"allowSourceCidrs": [
"<string>"
],
"displayName": "<string>",
"expires": "<string>",
"requireDpop": true,
"scopedRoles": [
"<string>"
]
}
'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials"
payload = {
"allowSourceCidrs": ["<string>"],
"displayName": "<string>",
"expires": "<string>",
"requireDpop": True,
"scopedRoles": ["<string>"]
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
allowSourceCidrs: ['<string>'],
displayName: '<string>',
expires: '<string>',
requireDpop: true,
scopedRoles: ['<string>']
})
};
fetch('https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'allowSourceCidrs' => [
'<string>'
],
'displayName' => '<string>',
'expires' => '<string>',
'requireDpop' => true,
'scopedRoles' => [
'<string>'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.post("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"allowSourceCidrs\": [\n \"<string>\"\n ],\n \"displayName\": \"<string>\",\n \"expires\": \"<string>\",\n \"requireDpop\": true,\n \"scopedRoles\": [\n \"<string>\"\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/service_principals/{service_principal_id}/credentials")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"allowSourceCidrs\": [\n \"<string>\"\n ],\n \"displayName\": \"<string>\",\n \"expires\": \"<string>\",\n \"requireDpop\": true,\n \"scopedRoles\": [\n \"<string>\"\n ]\n}"
response = http.request(request)
puts response.read_body{
"clientSecret": "<string>",
"credential": {
"allowSourceCidrs": [
"<string>"
],
"clientId": "<string>",
"createdAt": "2023-11-07T05:31:56Z",
"displayName": "<string>",
"expiresAt": "2023-11-07T05:31:56Z",
"id": "<string>",
"lastUsedAt": "2023-11-07T05:31:56Z",
"requireDpop": true,
"scopedRoleIds": [
"<string>"
],
"servicePrincipalId": "<string>"
}
}Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.
Path Parameters
The service principal ID to create the credential for.
Body
The ServicePrincipalServiceCreateCredentialRequest message.
A list of CIDRs to restrict this credential to. Accepts IPv4 (e.g. 10.0.0.0/24) or IPv6 (e.g. 2001:db8::/32) CIDRs.
The display name for the new credential.
If true, requires DPoP proof-of-possession for token exchange using this credential.
The list of roles to restrict the credential to.
Response
Successful response
The ServicePrincipalServiceCreateCredentialResponse message.
Was this page helpful?