Skip to main content

Endpoint

GET /v1/vault/credentials

Authentication

Requires a developer API key in the Authorization header.

Request Headers

HeaderValue
AuthorizationBearer <api_key>

Query Parameters

ParameterTypeRequiredDescription
principalIdstringNoFilter by principal ID
servicestringNoFilter by service name

Example Request

curl "https://grantex-auth-dd4mtrt2gq-uc.a.run.app/v1/vault/credentials?principalId=user_abc123" \
  -H "Authorization: Bearer gx_..."

Response — 200 OK

{
  "credentials": [
    {
      "id": "vc_01HXYZ...",
      "principalId": "user_abc123",
      "service": "github",
      "credentialType": "oauth2",
      "tokenExpiresAt": "2026-04-06T12:00:00.000Z",
      "metadata": { "scopes": ["repo", "read:org"] },
      "createdAt": "2026-04-05T12:00:00.000Z",
      "updatedAt": "2026-04-05T12:00:00.000Z"
    }
  ]
}

Response Fields

FieldTypeDescription
credentialsarrayArray of credential metadata objects
credentials[].idstringUnique vault credential ID
credentials[].principalIdstringThe principal who owns this credential
credentials[].servicestringService identifier
credentials[].credentialTypestringCredential type (e.g. "oauth2")
credentials[].tokenExpiresAtstring | nullISO-8601 token expiry, or null if not set
credentials[].metadataobjectArbitrary metadata
credentials[].createdAtstringISO-8601 creation timestamp
credentials[].updatedAtstringISO-8601 last update timestamp
Raw access tokens and refresh tokens are never included in list responses. Use the Exchange endpoint to retrieve a decrypted access token with a valid grant token.

Error Responses

StatusCodeDescription
401UNAUTHORIZEDInvalid or missing API key

SDK Examples

import Grantex from '@grantex/sdk';

const grantex = new Grantex({ apiKey: 'gx_...' });

const { credentials } = await grantex.vault.list({ principalId: 'user_abc123' });
for (const c of credentials) {
  console.log(`${c.service} — expires: ${c.tokenExpiresAt}`);
}