Create API Credentials.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/web/namespaces/example/api_credentials';const options = { method: 'POST', headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'}, body: '{"expiration_days":1,"name":"example","namespace":"example","spec":{"password":"example","type":"API_CERTIFICATE","virtual_k8s_name":"example","virtual_k8s_namespace":"example"}}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/web/namespaces/example/api_credentials \ --header 'Authorization: <Authorization>' \ --header 'Content-Type: application/json' \ --data '{ "expiration_days": 1, "name": "example", "namespace": "example", "spec": { "password": "example", "type": "API_CERTIFICATE", "virtual_k8s_name": "example", "virtual_k8s_namespace": "example" } }'User can request 3 types of credential for themselves. API_TOKEN, API_CERTIFICATE and KUBE_CONFIG.
An API_TOKEN is an easy to use secret that can be send part of HTTP request header Authorization: APIToken
Request can specify name, expiry and type of credential required. Since this credential inherits the creator’s RBAC service will determine the user from request context.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace Value of namespace is always “system”.
Request Bodyrequired
Section titled “Request Bodyrequired”CreateRequest is the request format for generating API credential.
object
Qty of days of service credential expiration.
Name of API credential record. It will be saved in metadata.
Value of namespace is always “system”.
object
Password is used for generating an API certificate P12 bundle user can use to protect access to it. This password will not be saved/persisted anywhere in the system. Applicable for credential type API_CERTIFICATE Users have to use this password when they use the certificate, e.g. In curl or while adding to key chain. Required: YES.
Name of virtual K8s cluster. Applicable for KUBE_CONFIG.
Namespace of virtual K8s cluster. Applicable for KUBE_CONFIG.
Responses
Section titled “Responses”A successful response.
CreateResponse is the response format for the credential’s create request.
object
Indicates if the resource is active
Data is the response format based on the API credential type. In case of API_CERTIFICATES, the response is the base64 encoded value of certificate in PKCS12 format. In case of KUBE_CONFIG, the response is the base64 encoded value of the K8s kubeconfig file with contents as requested - cluster,namespace and base64 encoded certificate, key and CA.
Configuration parameter for expiration timestamp
Human-readable name for the resource
Examplegenerated
{ "active": true, "data": "example", "expiration_timestamp": "2026-04-15T12:00:00Z", "name": "example"}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example