LightningWeb.API.CredentialController (Lightning v2.15.0-pre5)


API controller for credential management.

Handles creation, retrieval, and deletion of credentials. Credentials are used to authenticate with external services and can be associated with multiple projects.

Security

  • Credential bodies are excluded from list responses; the body is returned only in the response to the create request
  • Users can only delete credentials they own
  • Project access is required to view project credentials

Examples

GET /api/credentials
GET /api/credentials?project_id=a1b2c3d4-...
POST /api/credentials
DELETE /api/credentials/a1b2c3d4-...

Summary

Functions

create(conn, params)
Creates a new credential and optionally grants it access to projects.

delete(conn, map)
Deletes a credential owned by the authenticated user.

index(conn, arg2)
Lists credentials with optional project filtering.

Functions

create(conn, params)

@spec create(Plug.Conn.t(), map()) :: Plug.Conn.t()

Creates a new credential and optionally grants it access to projects.

Creates a credential owned by the authenticated user. If project_credentials are specified, the user must have access to all listed projects. The credential body is included in the response only upon creation.

Parameters

  • conn - The Plug connection struct with the current resource assigned
  • params - Map containing:
    • name - Credential name (required)
    • body - Credential JSON body with authentication details (required)
    • project_credentials - List of project associations (optional)

Returns

  • 201 Created with credential JSON including body
  • 422 Unprocessable Entity on validation errors
  • 403 Forbidden if user lacks access to specified projects

Examples

# Create credential without project association
POST /api/credentials
{
  "name": "My API Key",
  "body": {"apiKey": "secret123"}
}

# Create credential with project associations
POST /api/credentials
{
  "name": "Shared Credential",
  "body": {"token": "abc123"},
  "project_credentials": [
    {"project_id": "a1b2c3d4-..."}
  ]
}

delete(conn, map)

@spec delete(Plug.Conn.t(), map()) :: Plug.Conn.t()

Deletes a credential owned by the authenticated user.

Permanently removes a credential. Only the credential owner can delete it. Credentials in use by workflows cannot be deleted and will return an error.

Parameters

  • conn - The Plug connection struct with the current resource assigned
  • params - Map containing:
    • id - Credential UUID (required)

Returns

  • 204 No Content on successful deletion
  • 404 Not Found if the credential doesn't exist or the UUID is invalid
  • 403 Forbidden if user is not the credential owner

Examples

DELETE /api/credentials/a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d

index(conn, arg2)

@spec index(Plug.Conn.t(), map()) :: Plug.Conn.t()

Lists credentials with optional project filtering.

This function has two variants:

  • With project_id: Returns all credentials for a specific project (regardless of owner)
  • Without project_id: Returns only credentials owned by the authenticated user

Credential bodies are excluded from responses for security.

Parameters

  • conn - The Plug connection struct with the current resource assigned
  • params - Map containing:
    • project_id - Project UUID (optional, filters to specific project)

Returns

  • 200 OK with list of credentials (bodies excluded)
  • 404 Not Found if project doesn't exist (when project_id provided)
  • 403 Forbidden if user lacks project access (when project_id provided)

Examples

# User's own credentials
GET /api/credentials

# All credentials for a project
GET /api/credentials?project_id=a1b2c3d4-5e6f-7a8b-9c0d-1e2f3a4b5c6d
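
The rule stated above, that a credential body appears only in the 201 response to create, can be checked against recorded API traffic. The following is an added example, not part of Lightning's code base: the response envelope (`credential`, `credentials`, `errors`), the `id` field, the short ids and the exchange record format are constructed assumptions, and only `name`, `body` and the routes come from this page.

```python
import json

# Per the docs above, only a successful create may return the credential body.
ALLOWED = ("POST", "/api/credentials", 201)

def body_paths(node, path="$"):
    """Yield JSON paths of every object-valued "body" key in a decoded response."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "body" and isinstance(value, dict):
                yield f"{path}.{key}"  # secret material: report the path, never the value
            else:
                yield from body_paths(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from body_paths(item, f"{path}[{i}]")

def audit(exchanges):
    """Return (method, path, json_path) for each response exposing a body it should not."""
    findings = []
    for ex in exchanges:
        route = ex["path"].split("?", 1)[0]
        if not route.startswith("/api/credentials"):
            continue
        if (ex["method"], route, ex["status"]) == ALLOWED:
            continue
        try:
            payload = json.loads(ex["response"] or "null")
        except ValueError:
            continue  # non-JSON response, nothing to inspect
        findings += [(ex["method"], ex["path"], p) for p in body_paths(payload)]
    return findings

# Constructed sample traffic; the third exchange simulates a regression that leaks a body.
SAMPLE = [
    {"method": "POST", "path": "/api/credentials", "status": 201,
     "response": '{"credential": {"id": "c-1", "name": "My API Key", "body": {"apiKey": "secret123"}}}'},
    {"method": "GET", "path": "/api/credentials", "status": 200,
     "response": '{"credentials": [{"id": "c-1", "name": "My API Key"}]}'},
    {"method": "GET", "path": "/api/credentials?project_id=p-1", "status": 200,
     "response": '{"credentials": [{"id": "c-1", "name": "My API Key"},'
                 ' {"id": "c-2", "name": "Shared Credential", "body": {"token": "abc123"}}]}'},
    {"method": "POST", "path": "/api/credentials", "status": 422,
     "response": '{"errors": {"body": ["can\'t be blank"]}}'},
    {"method": "DELETE", "path": "/api/credentials/c-1", "status": 204, "response": ""},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("credential body exposed:", *finding)
```

Only object-valued `body` keys are flagged, so a validation error keyed on `body` in a 422 response is not reported as a leak.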