Overview

The View Credential management system provides secure access control through API credentials. Credentials define the access material by which users and applications authenticate with the View platform and access stored data.

Key Features

Secure Access Control: Generate and manage access keys and secret keys for API authentication
User Association: Link credentials to specific users within tenant boundaries
Active/Inactive States: Control credential availability through active status management
Protection Controls: Mark credentials as protected to prevent accidental modification
Admin-Only Operations: Secure credential management requiring administrator privileges
Automatic Key Generation: System-generated access and secret keys for enhanced security

Supported Operations

Create: Generate new credentials for users with automatic key generation
Read: Retrieve credential metadata (keys are redacted for security)
Enumerate: List all credentials with pagination support
Delete: Remove credentials from the system
Existence Check: Verify credential presence without exposing sensitive data

API Endpoints

Credentials are managed via the Configuration server API at [http|https]://[hostname]:[port]/v1.0/tenants/[tenant-guid]/credentials

Supported HTTP Methods: GET, HEAD, PUT, DELETE

Important Security Note: All credential operations require administrator-level access tokens.

Credential Object Structure

Credential objects contain access control information and metadata. Here's the complete structure:

{
    "GUID": "default",
    "TenantGUID": "default",
    "UserGUID": "default",
    "AccessKey": "***ault",
    "SecretKey": "***ault",
    "Name": "Default credential",
    "Active": true,
    "IsProtected": false,
    "CreatedUtc": "2024-07-10T05:09:31.000000Z"
}

Field Descriptions

GUID (GUID): Globally unique identifier for the credential object
TenantGUID (GUID): Globally unique identifier for the tenant
UserGUID (GUID): Globally unique identifier for the associated user
AccessKey (string): The access key for API authentication (redacted in responses)
SecretKey (string): The secret key for API authentication (redacted in responses)
Name (string): Display name of the credential
Active (boolean): Indicates whether the credential is active and can be used
IsProtected (boolean): Indicates whether the credential is protected from modification
CreatedUtc (datetime): UTC timestamp when the credential was created

Security Notes

Key Redaction: Access keys and secret keys are automatically redacted in all read operations for security
One-Time Display: Full access and secret keys are only returned during the initial create operation
Admin Access Required: All credential operations require administrator-level authentication tokens
Secure Storage: Credentials are stored securely with proper encryption and access controls

Create Credential

Creates a new credential object for a user using PUT /v1.0/tenants/[tenant-guid]/credentials. This endpoint generates new access and secret keys automatically and requires administrator privileges.

Request Parameters

UserGUID (string, Body, Required): GUID of the user to create credentials for
Name (string, Body, Optional): Display name for the credential
Active (boolean, Body, Optional): Whether the credential should be active (defaults to true)

{
    "GUID": "6046481e-5682-462a-a1a2-a7e1e242b1ff",
    "TenantGUID": "00000000-0000-0000-0000-000000000000",
    "UserGUID": "00000000-0000-0000-0000-000000000000",
    "AccessKey": "AKIAIOSFODNN7EXAMPLE",
    "SecretKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Name": "Default credential",
    "Active": true,
    "IsProtected": false,
    "CreatedUtc": "2024-10-21T14:33:55.000000Z"
}

Important Security Notice

CRITICAL: The access key and secret key are only returned in full during the create operation. After creation, all subsequent operations return redacted keys for security. Save the access key and secret key immediately from the create response as they cannot be retrieved later.

Response

Returns the created credential object with full access and secret keys:

curl --location --request PUT 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials' \
--header 'content-type: application/json' \
--header 'Authorization: ••••••' \
--data '{
    "UserGUID": "00000000-0000-0000-0000-000000000000",
    "Name": "Default credential",
    "Active": true
}

import { ViewConfigurationSdk } from "view-sdk";

const api = new ViewConfigurationSdk(
   "http://localhost:8000/", //endpoint
  "default", //tenant Id
  "default" //access key
);

api.accessToken = "<adminToken>" //This API requires Admin access


export const createCredential = async () => {
  try {
    const response = await api.Credential.creat({
      UserGUID: "<user-guid>",
      Name: "Default credential",
      Active: true,
    });
    console.log(response, "Credential created successfully");
  } catch (err) {
    console.log("Error creating Credential:", err);
  }
};
createCredential();

import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service

sdk = view_sdk.configure(
    access_key="default",
    base_url="localhost", 
    tenant_guid="default",
    service_ports={Service.DEFAULT: 8000},
)

def createCredential():
    credential = configuration.Credential.create(
        UserGUID="<user-guid>",
        Name="Default credential",
        Active=True
    )
    print(credential)

createCredential()

using View.Sdk;
using View.Sdk.Configuration;

ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
            
Credential request = new Credential
{
   UserGUID =  Guid.Parse("<user-guid>"),
   Active = true,
};

Credential response = await sdk.Credential.Create(request);

Enumerate Credentials

Retrieves a paginated list of all credential objects in the tenant using GET /v2.0/tenants/[tenant-guid]/credentials. This endpoint provides comprehensive enumeration with pagination support and requires administrator privileges.

Request Parameters

No additional parameters required beyond authentication.

{
    "Success": true,
    "Timestamp": {
        "Start": "2024-10-21T02:36:37.677751Z",
        "TotalMs": 23.58,
        "Messages": {}
    },
    "MaxResults": 10,
    "IterationsRequired": 1,
    "EndOfResults": true,
    "RecordsRemaining": 0,
    "Objects": [
        {
            "GUID": "6046481e-5682-462a-a1a2-a7e1e242b1ff",
            "TenantGUID": "00000000-0000-0000-0000-000000000000",
            "UserGUID": "00000000-0000-0000-0000-000000000000",
            "AccessKey": "****ebsr",
            "SecretKey": "****Qzn9",
            "Name": "Default credential",
            "Active": true,
            "IsProtected": false,
            "CreatedUtc": "2024-10-21T14:33:55.000000Z"
        }
    ],
    "ContinuationToken": null
}

Response

Returns a paginated list of credential objects with redacted keys:

Response Structure

The enumeration response includes pagination metadata and credential objects:

curl --location 'http://localhost:8000/v2.0/tenants/00000000-0000-0000-0000-000000000000/credentials/' \
--header 'Authorization: ••••••'

import { ViewConfigurationSdk } from "view-sdk";

const api = new ViewConfigurationSdk(
  "http://localhost:8000/", //endpoint
  "default", //tenant Id
  "default" //access key
);

api.accessToken = "<adminToken>" //This API requires Admin access

export const enumerateCredentials = async () => {
  try {
    const credentials = await api.Credential.enumerate();
    console.log(credentials, "Credentials fetched successfully");
  } catch (err) {
    console.log("Error fetching Credentials:", err);
  }
};

enumerateCredentials();

import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service

sdk = view_sdk.configure(
    access_key="default",
    base_url="localhost", 
    tenant_guid="default",
    service_ports={Service.DEFAULT: 8000},
)

def enumerateCredentials():
    credentials = configuration.Credential.enumerate()
    print(credentials)

enumerateCredentials()

using View.Sdk;
using View.Sdk.Configuration;

ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
            
EnumerationResult<Credential> response = await sdk.Credential.Enumerate();

Read Credential

Retrieves credential metadata by GUID using GET /v1.0/tenants/[tenant-guid]/credentials/[credential-guid]. Returns credential information with redacted access and secret keys for security. If the credential doesn't exist, a 404 error is returned.

Request Parameters

credential-guid (string, Path, Required): GUID of the credential object to retrieve

curl --location 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials/00000000-0000-0000-0000-000000000000' \
--header 'Authorization: ••••••'

import { ViewConfigurationSdk } from "view-sdk";

const api = new ViewConfigurationSdk(
  "http://localhost:8000/", //endpoint
  "default", //tenant Id
  "default" //access key
);

api.accessToken = "<adminToken>" //This API requires Admin access


export const getCredential = async () => {
  try {
    const credential = await api.Credential.read(
      "<credential-guid>"
    );
    console.log(credential, "Credential fetched successfully");
  } catch (err) {
    console.log("Error fetching Credential:", err);
  }
};
getCredential();

import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service

sdk = view_sdk.configure(
    access_key="default",
    base_url="localhost", 
    tenant_guid="default",
    service_ports={Service.DEFAULT: 8000},
)

def readCredential():
    credential = configuration.Credential.retrieve("<credential-guid>")
    print(credential)

readCredential()

using View.Sdk;
using View.Sdk.Configuration;

ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
            
Credential response = await sdk.Credential.Retrieve(Guid.Parse("<credential-guid>"));

Response

{
    "GUID": "6046481e-5682-462a-a1a2-a7e1e242b1ff",
    "TenantGUID": "00000000-0000-0000-0000-000000000000",
    "UserGUID": "00000000-0000-0000-0000-000000000000",
    "AccessKey": "****ebsr",
    "SecretKey": "****Qzn9",
    "Name": "Default credential",
    "Active": true,
    "IsProtected": false,
    "CreatedUtc": "2024-10-21T14:33:55.000000Z"
}

Returns the credential object with redacted access and secret keys:

Note: the HEAD method can be used as an alternative to get to simply check the existence of the object. HEAD requests return either a 200/OK in the event the object exists, or a 404/Not Found if not. No response body is returned with a HEAD request.

Read All Credentials

Retrieves all credential objects in the tenant using GET /v1.0/tenants/[tenant-guid]/credentials/. Returns an array of credential objects with metadata (access and secret keys are redacted) for all credentials in the tenant.

Request Parameters

No additional parameters required beyond authentication.

curl --location 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials' \
--header 'Authorization: ••••••'

import { ViewConfigurationSdk } from "view-sdk";

const api = new ViewConfigurationSdk(
  "http://localhost:8000/", //endpoint
  "default", //tenant Id
  "default" //access key
);

api.accessToken = "<adminToken>" //This API requires Admin access

export const getAllCredentials = async () => {
  try {
    const credentials = await api.Credential.readAll();
    console.log(credentials, "All credentials fetched successfully");
  } catch (err) {
    console.log("Error fetching Credentials:", err);
  }
};

getAllCredentials();

import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service

sdk = view_sdk.configure(
    access_key="default",
    base_url="localhost", 
    tenant_guid="default",
    service_ports={Service.DEFAULT: 8000},
)

def readAllCredentials():
    credentials = configuration.Credential.retrieve_all()
    print(credentials)

readAllCredentials()

using View.Sdk;
using View.Sdk.Configuration;

ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");        
      
List<Credential> response = await sdk.Credential.RetrieveMany();

Response

Returns an array of all credential objects with redacted keys:

[
    {
        "GUID": "6046481e-5682-462a-a1a2-a7e1e242b1ff",
        "TenantGUID": "00000000-0000-0000-0000-000000000000",
        "UserGUID": "00000000-0000-0000-0000-000000000000",
        "AccessKey": "****ebsr",
        "SecretKey": "****Qzn9",
        "Name": "Default credential",
        "Active": true,
        "IsProtected": false,
        "CreatedUtc": "2024-10-21T14:33:55.000000Z"
    },
    {
        "GUID": "another-credential-guid",
        "TenantGUID": "00000000-0000-0000-0000-000000000000",
        "UserGUID": "00000000-0000-0000-0000-000000000000",
        "AccessKey": "****abcd",
        "SecretKey": "****efgh",
        "Name": "Another credential",
        "Active": true,
        "IsProtected": false,
        "CreatedUtc": "2024-10-21T15:45:30.000000Z"
    }
]

Delete Credential

Deletes a credential object by GUID using DELETE /v1.0/tenants/[tenant-guid]/credentials/[credential-guid]. This operation permanently removes the credential and revokes access. Use with caution as this action cannot be undone.

Request Parameters

credential-guid (string, Path, Required): GUID of the credential object to delete

curl --location --request DELETE 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials/00000000-0000-0000-0000-000000000000' \
--header 'Authorization: ••••••' \

import { ViewConfigurationSdk } from "view-sdk";

const api = new ViewConfigurationSdk(
  "http://localhost:8000/", //endpoint
  "default", //tenant Id
  "default" //access key
);

api.accessToken = "<adminToken>" //This API requires Admin access

export const deleteCredential = async () => {
  try {
    const response = await api.Credential.delete(
      "<credential-guid>"
    );
    console.log(response, "Credential deleted successfully");
  } catch (err) {
    console.log("Error deleting Credential:", err);
  }
};

deleteCredential();

import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service

sdk = view_sdk.configure(
    access_key="default",
    base_url="localhost", 
    tenant_guid="default",
    service_ports={Service.DEFAULT: 8000},
)

def deleteCredential():
    credential = configuration.Credential.delete("<credential-guid>")
    print(credential)

deleteCredential()

using View.Sdk;
using View.Sdk.Configuration;

ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");

bool deleted = await sdk.Credential.Delete(Guid.Parse("<credential-guid>"));

Response

Returns 204 No Content on successful deletion. No response body is returned.

Check Credential Existence

Verifies if a credential object exists without retrieving its details using HEAD /v1.0/tenants/[tenant-guid]/credentials/[credential-guid]. This is an efficient way to check credential presence before performing operations.

Request Parameters

credential-guid (string, Path, Required): GUID of the credential object to check

Response

200 No Content: Credential exists
404 Not Found: Credential does not exist
No response body: Only HTTP status code is returned

Note: HEAD requests do not return a response body, only the HTTP status code indicating whether the credential exists.

curl --location --head 'http://localhost:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials/00000000-0000-0000-0000-000000000000' \
--header 'Authorization: ••••••'

const api = new ViewConfigurationSdk(
  "http://localhost:8000/", //endpoint
  "default", //tenant Id
  "default" //access key
);

api.accessToken = "<adminToken>" //This API requires Admin access

export const credentialExists = async () => {
  try {
    const response = await api.Credential.exists(
      "<credential-guid>"
    );
    console.log(response, "Credential exists");
  } catch (err) {
    console.log("Error fetching Credential:", err);
  }
};

credentialExists();

import view_sdk
from view_sdk import configuration
from view_sdk.sdk_configuration import Service

sdk = view_sdk.configure(
    access_key="default",
    base_url="localhost", 
    tenant_guid="default",
    service_ports={Service.DEFAULT: 8000},
)

def existsCredential():
    credential = configuration.Credential.exists("<credential-guid>")
    print(credential)

existsCredential()

using View.Sdk;
using View.Sdk.Configuration;

ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
            
bool exists = await sdk.Credential.Exists(Guid.Parse("<credential-guid>"));

Best Practices

When managing credentials in the View platform, consider the following security and operational recommendations:

Secure Key Storage: Immediately save access and secret keys from create operations as they cannot be retrieved later
Administrator Access: Ensure all credential operations use administrator-level authentication tokens
Active Flag Management: Use the Active flag to temporarily disable credentials without deletion
Protection Settings: Mark critical credentials as protected to prevent accidental modification
Audit Trail: Monitor credential creation, modification, and deletion for security auditing

Next Steps

After successfully managing credentials, you can:

API Integration: Use generated credentials to authenticate with other View platform APIs
Application Development: Integrate credential-based authentication into your applications
User Management: Associate credentials with user accounts for proper access control
Security Monitoring: Implement monitoring for credential usage and access patterns
Access Control: Implement role-based access control using credential associations