Create service credentials.

POST

/api/web/namespaces/{namespace}/service_credentials

curl --request POST \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/web/namespaces/example/service_credentials \
  --header 'Authorization: <Authorization>' \
  --header 'Content-Type: application/json' \
  --data '{ "api_certificate": { "password": "example" }, "api_token": {}, "expiration_days": 1, "name": "example", "namespace": "example", "namespace_roles": [ { "namespace": "example", "role": "example" } ], "password": "example", "site_kubeconfig": { "site": "example" }, "type": "API_CERTIFICATE", "user_group_names": [ "example" ], "virtual_k8s_name": "example", "virtual_k8s_namespace": "example", "vk8s_kubeconfig": { "vk8s_cluster_name": "example", "vk8s_namespace": "example" } }'

• F5 Distributed Cloud Console

Request to create new service credentials. User can specify name, expiry and list of namespce and allowed role of the service user.

Examples of this operation.

Authorizations

• ApiToken

Parameters

Path Parameters

namespace

required

string

Namespace Value of namespace is always “system”.

Request Body^required

Media typeapplication/json

Create Service Credentials Request

CreateServiceCredentialsRequest is the request format for creating service credentials.

object

api_certificate

object

password

Password for API certificate

Password is used for generating an API certificate P12 bundle user can use to protect access to it. This password will not be saved/persisted anywhere in the system. Applicable for credential type API_CERTIFICATE Users have to use this password when they use the certificate, e.g. In curl or while adding to key chain. Required: YES.

string

>= 6 characters <= 50 characters

api_token

object

expiration_days

Expiry in days

Qty of days of service credential expiration.

integer format: int64

name

Name

Name of API credential record. It will be saved in metadata.

string

>= 6 characters <= 1024 characters

namespace

Namespace

Value of namespace is always “system”.

string

>= 6 characters <= 1024 characters

namespace_roles

Roles

List of roles per namespace to be assigned to service credentials.

Array<object>

Namespace role

Allows linking namespaces and roles.

object

namespace

Namespace

Namespace the role applies to ’*’ value implies all namespaces Required: YES.

string

>= 6 characters <= 256 characters

role

Role

Users role for this namespace Required: YES.

string

<= 256 characters

password

Password for API certificate

Password is used for generating an API certificate P12 bundle user can use to protect access to it. This password will not be saved/persisted anywhere in the system. Applicable for credential type API_CERTIFICATE Users have to use this password when they use the certificate, e.g. In curl or while adding to key chain. Required: YES.

string

<= 1024 characters

site_kubeconfig

object

site

Site

Name of the site for which kubeconfig is being requested. Required: YES.

string

>= 1 characters <= 64 characters

type

string

default: API_CERTIFICATE

Allowed values: API_CERTIFICATE KUBE_CONFIG API_TOKEN SERVICE_API_TOKEN SERVICE_API_CERTIFICATE SERVICE_KUBE_CONFIG SITE_GLOBAL_KUBE_CONFIG SCIM_API_TOKEN SERVICE_SITE_GLOBAL_KUBE_CONFIG

user_group_names

User Groups Names

List of user_groups assigned to this service credential.

Array<string>

virtual_k8s_name

virtual k8s cluster name

Name of virtual_k8s cluster. Applicable for KUBE_CONFIG.

string

<= 1024 characters

virtual_k8s_namespace

Virtual k8s namespace

Namespace of virtual_k8s cluster. Applicable for KUBE_CONFIG.

string

<= 1024 characters

vk8s_kubeconfig

object

vk8s_cluster_name

virtual k8s cluster name

Name of virtual K8s cluster.

string

<= 1024 characters

vk8s_namespace

Virtual k8s namespace

Namespace of virtual K8s cluster. Applicable for KUBE_CONFIG.

string

<= 1024 characters

Responses

200

A successful response.

Media typeapplication/json

Create response

CreateResponse is the response format for the credential’s create request.

object

active

Indicates if the resource is active

boolean format: boolean

data

Credentials

Data is the response format based on the API credential type. In case of API_CERTIFICATES, the response is the base64 encoded value of certificate in PKCS12 format. In case of KUBE_CONFIG, the response is the base64 encoded value of the K8s kubeconfig file with contents as requested - cluster,namespace and base64 encoded certificate, key and CA.

string

<= 1024 characters

expiration_timestamp

Configuration parameter for expiration timestamp

string format: date-time

<= 1024 characters

name

Human-readable name for the resource

string

>= 6 characters <= 1024 characters

Example^generated

{
  "active": true,
  "data": "example",
  "expiration_timestamp": "2026-04-15T12:00:00Z",
  "name": "example"
}

401

Returned when operation is not authorized.

Media typeapplication/json

string format: string

Example^generated

example

403

Returned when there is no permission to access resource.

Media typeapplication/json

string format: string

Example^generated

example

404

Returned when resource is not found.

Media typeapplication/json

string format: string

Example^generated

example

409

Returned when operation on resource is conflicting with current value.

Media typeapplication/json

string format: string

Example^generated

example

429

Returned when operation has been rejected as it is happening too frequently.

Media typeapplication/json

string format: string

Example^generated

example

500

Returned when server encountered an error in processing API.

Media typeapplication/json

string format: string

Example^generated

example

503

Returned when service is unavailable temporarily.

Media typeapplication/json

string format: string

Example^generated

example

504

Returned when server timed out processing request.

Media typeapplication/json

string format: string

Example^generated

example