Authenticate With Application Credential
const url = 'https://example.com/vault/v1/workspaces/example/engines/qibdo/applicationcredentials:authenticate';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"workspace":"example","role_id":"example","secret_id":"example","requested_ttl":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/vault/v1/workspaces/example/engines/qibdo/applicationcredentials:authenticate \ --header 'Content-Type: application/json' \ --data '{ "workspace": "example", "role_id": "example", "secret_id": "example", "requested_ttl": "example" }'Verifies the supplied RoleID + SecretID and, on success, returns a short-lived access token bound to the credential’s principal. The SecretID itself is the auth proof, so this RPC is workspace-public — gated only by SecretID verification, never by vault permissions.
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”The workspace the credential belongs to.
Request Body required
Section titled “Request Body required ”Request payload for Authenticate With Qibdo Application Credential
Carries the input fields required to authenticate with qibdo application credential.
object
The workspace the credential belongs to.
The RoleID (UUID) of the credential to authenticate against.
The SecretID returned by Issue or RotateSecretId.
Optional explicit TTL request for the issued access token. Capped at the credential’s max_ttl. When unset, the credential’s default ttl applies.
Example generated
{ "workspace": "example", "role_id": "example", "secret_id": "example", "requested_ttl": "example"}Responses
Section titled “ Responses ”OK
Response payload from Authenticate With Qibdo Application Credential
Carries the output produced by authenticate with qibdo application credential.
object
Short-lived the vault backend access token bound to the credential’s principal.
Timestamp at which the access token expires.
Example generated
{ "access_token": "example", "expires_at": "2026-04-15T12:00:00Z"}default
Section titled “default ”Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
object
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
A list of messages that carry the error details. There is a common set of message types for APIs to use.
Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.
object
The type of the serialized message.
Example generated
{ "code": 1, "message": "example", "details": [ { "@type": "example" } ]}