Skip to content
qibdo qibdo
v1
API version
  • v1
Theme
Book a demo

Authenticate With Application Credential

POST
/vault/v1/workspaces/{workspace}/engines/qibdo/applicationcredentials:authenticate
curl --request POST \
--url https://example.com/vault/v1/workspaces/example/engines/qibdo/applicationcredentials:authenticate \
--header 'Content-Type: application/json' \
--data '{ "workspace": "example", "role_id": "example", "secret_id": "example", "requested_ttl": "example" }'

Verifies the supplied RoleID + SecretID and, on success, returns a short-lived access token bound to the credential’s principal. The SecretID itself is the auth proof, so this RPC is workspace-public — gated only by SecretID verification, never by vault permissions.

workspace
required
string

The workspace the credential belongs to.

Media type application/json

Request payload for Authenticate With Qibdo Application Credential

Carries the input fields required to authenticate with qibdo application credential.

object
workspace
required

The workspace the credential belongs to.

string
role_id
required

The RoleID (UUID) of the credential to authenticate against.

string
secret_id
required

The SecretID returned by Issue or RotateSecretId.

string
requested_ttl

Optional explicit TTL request for the issued access token. Capped at the credential’s max_ttl. When unset, the credential’s default ttl applies.

string
/^-?(?:0|[1-9][0-9]{0,11})(?:\.[0-9]{1,9})?s$/
Example generated
{
"workspace": "example",
"role_id": "example",
"secret_id": "example",
"requested_ttl": "example"
}

OK

Media type application/json

Response payload from Authenticate With Qibdo Application Credential

Carries the output produced by authenticate with qibdo application credential.

object
access_token

Short-lived the vault backend access token bound to the credential’s principal.

string
expires_at

Timestamp at which the access token expires.

string format: date-time
Example generated
{
"access_token": "example",
"expires_at": "2026-04-15T12:00:00Z"
}

Default error response

Media type application/json

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

object
code

The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].

integer format: int32
message

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.

string
details

A list of messages that carry the error details. There is a common set of message types for APIs to use.

Array<object>

Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.

object
@type

The type of the serialized message.

string
key
additional properties
any
Example generated
{
"code": 1,
"message": "example",
"details": [
{
"@type": "example"
}
]
}