Comprehensive guide to View's credential management system, including creation, management, and security of access credentials for API authentication.
Overview
The View Credential management system provides secure access control through API credentials. Credentials define the access material by which users and applications authenticate with the View platform and access stored data.
Key Features
- Secure Access Control: Generate and manage access keys and secret keys for API authentication
- User Association: Link credentials to specific users within tenant boundaries
- Active/Inactive States: Control credential availability through active status management
- Protection Controls: Mark credentials as protected to prevent accidental modification
- Admin-Only Operations: Secure credential management requiring administrator privileges
- Automatic Key Generation: System-generated access and secret keys for enhanced security
Supported Operations
- Create: Generate new credentials for users with automatic key generation
- Read: Retrieve credential metadata (keys are redacted for security)
- Enumerate: List all credentials with pagination support
- Delete: Remove credentials from the system
- Existence Check: Verify credential presence without exposing sensitive data
API Endpoints
Credentials are managed via the Configuration server API at [http|https]://[hostname]:[port]/v1.0/tenants/[tenant-guid]/credentials
Supported HTTP Methods: GET, HEAD, PUT, DELETE
Important Security Note: All credential operations require administrator-level access tokens.
Credential Object Structure
Credential objects contain access control information and metadata. Here's the complete structure:
{
"GUID": "default",
"TenantGUID": "default",
"UserGUID": "default",
"AccessKey": "***ault",
"SecretKey": "***ault",
"Name": "Default credential",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2024-07-10T05:09:31.000000Z"
}Field Descriptions
- GUID (GUID): Globally unique identifier for the credential object
- TenantGUID (GUID): Globally unique identifier for the tenant
- UserGUID (GUID): Globally unique identifier for the associated user
- AccessKey (string): The access key for API authentication (redacted in responses)
- SecretKey (string): The secret key for API authentication (redacted in responses)
- Name (string): Display name of the credential
- Active (boolean): Indicates whether the credential is active and can be used
- IsProtected (boolean): Indicates whether the credential is protected from modification
- CreatedUtc (datetime): UTC timestamp when the credential was created
Security Notes
- Key Redaction: Access keys and secret keys are automatically redacted in all read operations for security
- One-Time Display: Full access and secret keys are only returned during the initial create operation
- Admin Access Required: All credential operations require administrator-level authentication tokens
- Secure Storage: Credentials are stored securely with proper encryption and access controls
Create Credential
Creates a new credential object for a user using PUT /v1.0/tenants/[tenant-guid]/credentials. This endpoint generates new access and secret keys automatically and requires administrator privileges.
Request Parameters
- UserGUID (string, Body, Required): GUID of the user to create credentials for
- Name (string, Body, Optional): Display name for the credential
- Active (boolean, Body, Optional): Whether the credential should be active (defaults to true)
Important Security Notice
CRITICAL: The access key and secret key are only returned in full during the create operation. After creation, all subsequent operations return redacted keys for security. Save the access key and secret key immediately from the create response as they cannot be retrieved later.
Response
Returns the created credential object with full access and secret keys:
{
"GUID": "6046481e-5682-462a-a1a2-a7e1e242b1ff",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"UserGUID": "00000000-0000-0000-0000-000000000000",
"AccessKey": "AKIAIOSFODNN7EXAMPLE",
"SecretKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"Name": "Default credential",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2024-10-21T14:33:55.000000Z"
}curl --location --request PUT 'http://view.homedns.org:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials' \
--header 'content-type: application/json' \
--header 'Authorization: ••••••' \
--data '{
"UserGUID": "00000000-0000-0000-0000-000000000000",
"Name": "Default credential",
"Active": true
}import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
api.accessToken = "<adminToken>" //This API requires Admin access
export const createCredential = async () => {
try {
const response = await api.Credential.creat({
UserGUID: "<user-guid>",
Name: "Default credential",
Active: true,
});
console.log(response, "Credential created successfully");
} catch (err) {
console.log("Error creating Credential:", err);
}
};
createCredential();import view_sdk
from view_sdk import configuration
sdk = view_sdk.configure(
access_key="default",
base_url="localhost",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def createCredential():
credential = configuration.Credential.create(
UserGUID="<user-guid>",
Name="Default credential",
Active=True
)
print(credential)
createCredential()using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
Credential request = new Credential
{
UserGUID = Guid.Parse("<user-guid>"),
Active = true,
};
Credential response = await sdk.Credential.Create(request);Enumerate Credentials
Retrieves a paginated list of all credential objects in the tenant using GET /v2.0/tenants/[tenant-guid]/credentials. This endpoint provides comprehensive enumeration with pagination support and requires administrator privileges.
Request Parameters
No additional parameters required beyond authentication.
Response
Returns a paginated list of credential objects with redacted keys:
{
"Success": true,
"Timestamp": {
"Start": "2024-10-21T02:36:37.677751Z",
"TotalMs": 23.58,
"Messages": {}
},
"MaxResults": 10,
"IterationsRequired": 1,
"EndOfResults": true,
"RecordsRemaining": 0,
"Objects": [
{
"GUID": "6046481e-5682-462a-a1a2-a7e1e242b1ff",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"UserGUID": "00000000-0000-0000-0000-000000000000",
"AccessKey": "****ebsr",
"SecretKey": "****Qzn9",
"Name": "Default credential",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2024-10-21T14:33:55.000000Z"
}
],
"ContinuationToken": null
}Response Structure
The enumeration response includes pagination metadata and credential objects:
{
"Success": true,
"Timestamp": {
"Start": "2024-10-21T02:36:37.677751Z",
"TotalMs": 23.58,
"Messages": {}
},
"MaxResults": 10,
"IterationsRequired": 1,
"EndOfResults": true,
"RecordsRemaining": 16,
"Objects": [
{
"GUID": "example-credential",
... credential details ...
},
{ ... }
],
"ContinuationToken": "[continuation-token]"
}curl --location 'http://view.homedns.org:8000/v2.0/tenants/00000000-0000-0000-0000-000000000000/credentials/' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
api.accessToken = "<adminToken>" //This API requires Admin access
export const enumerateCredentials = async () => {
try {
const credentials = await api.Credential.enumerate();
console.log(credentials, "Credentials fetched successfully");
} catch (err) {
console.log("Error fetching Credentials:", err);
}
};
enumerateCredentials();import view_sdk
from view_sdk import configuration
sdk = view_sdk.configure(
access_key="default",
base_url="localhost",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def enumerateCredentials():
credentials = configuration.Credential.enumerate()
print(credentials)
enumerateCredentials()using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
EnumerationResult<Credential> response = await sdk.Credential.Enumerate();Read Credential
Retrieves credential metadata by GUID using GET /v1.0/tenants/[tenant-guid]/credentials/[credential-guid]. Returns credential information with redacted access and secret keys for security. If the credential doesn't exist, a 404 error is returned.
Request Parameters
- credential-guid (string, Path, Required): GUID of the credential object to retrieve
Response
Returns the credential object with redacted access and secret keys:
{
"GUID": "6046481e-5682-462a-a1a2-a7e1e242b1ff",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"UserGUID": "00000000-0000-0000-0000-000000000000",
"AccessKey": "****ebsr",
"SecretKey": "****Qzn9",
"Name": "Default credential",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2024-10-21T14:33:55.000000Z"
}{
"GUID": "6046481e-5682-462a-a1a2-a7e1e242b1ff",
"TenantGUID": "default",
"UserGUID": "default",
"AccessKey": "****ebsr",
"SecretKey": "****Qzn9",
"Active": true,
"CreatedUtc": "2024-10-21T14:33:55.000000Z"
}curl --location 'http://view.homedns.org:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials/00000000-0000-0000-0000-000000000000' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
api.accessToken = "<adminToken>" //This API requires Admin access
export const getCredential = async () => {
try {
const credential = await api.Credential.read(
"<credential-guid>"
);
console.log(credential, "Credential fetched successfully");
} catch (err) {
console.log("Error fetching Credential:", err);
}
};
getCredential();import view_sdk
from view_sdk import configuration
sdk = view_sdk.configure(
access_key="default",
base_url="localhost",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def readCredential():
credential = configuration.Credential.retrieve("<credential-guid>")
print(credential)
readCredential()using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
Credential response = await sdk.Credential.Retrieve(Guid.Parse("<credential-guid>"));Note: the HEAD method can be used as an alternative to get to simply check the existence of the object. HEAD requests return either a 200/OK in the event the object exists, or a 404/Not Found if not. No response body is returned with a HEAD request.
Read All Credentials
Retrieves all credential objects in the tenant using GET /v1.0/tenants/[tenant-guid]/credentials/. Returns an array of credential objects with metadata (access and secret keys are redacted) for all credentials in the tenant.
Request Parameters
No additional parameters required beyond authentication.
Response
Returns an array of all credential objects with redacted keys:
[
{
"GUID": "6046481e-5682-462a-a1a2-a7e1e242b1ff",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"UserGUID": "00000000-0000-0000-0000-000000000000",
"AccessKey": "****ebsr",
"SecretKey": "****Qzn9",
"Name": "Default credential",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2024-10-21T14:33:55.000000Z"
},
{
"GUID": "another-credential-guid",
"TenantGUID": "00000000-0000-0000-0000-000000000000",
"UserGUID": "00000000-0000-0000-0000-000000000000",
"AccessKey": "****abcd",
"SecretKey": "****efgh",
"Name": "Another credential",
"Active": true,
"IsProtected": false,
"CreatedUtc": "2024-10-21T15:45:30.000000Z"
}
]curl --location 'http://view.homedns.org:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials' \
--header 'Authorization: ••••••'import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
api.accessToken = "<adminToken>" //This API requires Admin access
export const getAllCredentials = async () => {
try {
const credentials = await api.Credential.readAll();
console.log(credentials, "All credentials fetched successfully");
} catch (err) {
console.log("Error fetching Credentials:", err);
}
};
getAllCredentials();import view_sdk
from view_sdk import configuration
sdk = view_sdk.configure(
access_key="default",
base_url="localhost",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def readAllCredentials():
credentials = configuration.Credential.retrieve_all()
print(credentials)
readAllCredentials()using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
List<Credential> response = await sdk.Credential.RetrieveMany();Delete Credential
Deletes a credential object by GUID using DELETE /v1.0/tenants/[tenant-guid]/credentials/[credential-guid]. This operation permanently removes the credential and revokes access. Use with caution as this action cannot be undone.
Request Parameters
- credential-guid (string, Path, Required): GUID of the credential object to delete
Response
Returns 204 No Content on successful deletion. No response body is returned.
curl --location --request DELETE 'http://view.homedns.org:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials/00000000-0000-0000-0000-000000000000' \
--header 'Authorization: ••••••' \import { ViewConfigurationSdk } from "view-sdk";
const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
api.accessToken = "<adminToken>" //This API requires Admin access
export const deleteCredential = async () => {
try {
const response = await api.Credential.delete(
"<credential-guid>"
);
console.log(response, "Credential deleted successfully");
} catch (err) {
console.log("Error deleting Credential:", err);
}
};
deleteCredential();import view_sdk
from view_sdk import configuration
sdk = view_sdk.configure(
access_key="default",
base_url="localhost",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def deleteCredential():
credential = configuration.Credential.delete("<credential-guid>")
print(credential)
deleteCredential()using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
bool deleted = await sdk.Credential.Delete(Guid.Parse("<credential-guid>"));Check Credential Existence
Verifies if a credential object exists without retrieving its details using HEAD /v1.0/tenants/[tenant-guid]/credentials/[credential-guid]. This is an efficient way to check credential presence before performing operations.
Request Parameters
- credential-guid (string, Path, Required): GUID of the credential object to check
Response
- 200 No Content: Credential exists
- 404 Not Found: Credential does not exist
- No response body: Only HTTP status code is returned
Note: HEAD requests do not return a response body, only the HTTP status code indicating whether the credential exists.
curl --location --head 'http://view.homedns.org:8000/v1.0/tenants/00000000-0000-0000-0000-000000000000/credentials/00000000-0000-0000-0000-000000000000' \
--header 'Authorization: ••••••'const api = new ViewConfigurationSdk(
"http://localhost:8000/", //endpoint
"default", //tenant Id
"default" //access key
);
api.accessToken = "<adminToken>" //This API requires Admin access
export const credentialExists = async () => {
try {
const response = await api.Credential.exists(
"<credential-guid>"
);
console.log(response, "Credential exists");
} catch (err) {
console.log("Error fetching Credential:", err);
}
};
credentialExists();
import view_sdk
from view_sdk import configuration
sdk = view_sdk.configure(
access_key="default",
base_url="localhost",
tenant_guid="default",
service_ports={Service.DEFAULT: 8000},
)
def existsCredential():
credential = configuration.Credential.exists("<credential-guid>")
print(credential)
existsCredential()
using View.Sdk;
using View.Sdk.Configuration;
ViewConfigurationSdk sdk = new ViewConfigurationSdk(Guid.Parse("<tenant-guid>"),"default", "http://localhost:8000/");
bool exists = await sdk.Credential.Exists(Guid.Parse("<credential-guid>"));Best Practices
When managing credentials in the View platform, consider the following security and operational recommendations:
- Secure Key Storage: Immediately save access and secret keys from create operations as they cannot be retrieved later
- Administrator Access: Ensure all credential operations use administrator-level authentication tokens
- Active Flag Management: Use the Active flag to temporarily disable credentials without deletion
- Protection Settings: Mark critical credentials as protected to prevent accidental modification
- Audit Trail: Monitor credential creation, modification, and deletion for security auditing
Next Steps
After successfully managing credentials, you can:
- API Integration: Use generated credentials to authenticate with other View platform APIs
- Application Development: Integrate credential-based authentication into your applications
- User Management: Associate credentials with user accounts for proper access control
- Security Monitoring: Implement monitoring for credential usage and access patterns
- Access Control: Implement role-based access control using credential associations