Get Credential
Retrieves details for a specific cloud credential by ID. Credential secrets are never returned - only metadata and verification status.
Request
GET /credentials/{id}
Authentication
Requires Bearer JWT Token with ORG_ADMIN role.
Authorization: Bearer <access_token>
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | UUID | Yes | Credential unique identifier |
Response
Success Response
Status Code: 200 OK
Response Body:
{
"id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"name": "AWS Production Account",
"provider": "AWS",
"credentialType": "ACCESS_KEY",
"isValid": true,
"lastVerifiedAt": "2026-02-18T10:00:00Z",
"verificationError": null,
"createdAt": "2026-01-10T09:00:00Z",
"updatedAt": "2026-02-18T10:00:00Z"
}
Response Fields
| Field | Type | Description |
|---|---|---|
id | UUID | Unique credential identifier |
name | string | Human-readable credential name |
provider | string | Cloud provider: AWS, GCP, AZURE, or APISIX |
credentialType | string | Type of credential (e.g., ACCESS_KEY, SERVICE_ACCOUNT, SERVICE_PRINCIPAL) |
isValid | boolean | Whether credential passed last verification (null if never verified) |
lastVerifiedAt | string (ISO 8601) | Timestamp of last verification attempt (null if never verified) |
verificationError | string | Error message from last failed verification (null if valid or never verified) |
createdAt | string (ISO 8601) | Credential creation timestamp |
updatedAt | string (ISO 8601) | Last update timestamp |
Error Responses
| Status Code | Error | Description |
|---|---|---|
401 Unauthorized | UNAUTHORIZED | Missing or invalid authentication token |
403 Forbidden | FORBIDDEN | User lacks ORG_ADMIN role |
404 Not Found | CREDENTIAL_NOT_FOUND | Credential with specified ID does not exist or does not belong to your organization |
429 Too Many Requests | RATE_LIMIT_EXCEEDED | Rate limit exceeded |
500 Internal Server Error | INTERNAL_ERROR | Server error occurred |
Error Response Example
{
"error": "CREDENTIAL_NOT_FOUND",
"message": "Credential with ID 7c9e6679-7425-40de-944b-e07fc1f90ae7 not found",
"timestamp": "2026-02-18T12:45:00Z"
}
Example
Request
curl -X GET https://api.entryguard.io/api/v1/credentials/7c9e6679-7425-40de-944b-e07fc1f90ae7 \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
-H "Content-Type: application/json"
Response - Valid Credential
{
"id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"name": "AWS Production Account",
"provider": "AWS",
"credentialType": "ACCESS_KEY",
"isValid": true,
"lastVerifiedAt": "2026-02-18T10:00:00Z",
"verificationError": null,
"createdAt": "2026-01-10T09:00:00Z",
"updatedAt": "2026-02-18T10:00:00Z"
}
Response - Invalid Credential
{
"id": "8d0f7780-8536-51f0-c958-f18ed2g01bf8",
"name": "GCP Production Project",
"provider": "GCP",
"credentialType": "SERVICE_ACCOUNT",
"isValid": false,
"lastVerifiedAt": "2026-02-17T14:30:00Z",
"verificationError": "AccessDenied: Service account lacks compute.firewalls.list permission",
"createdAt": "2026-01-12T11:00:00Z",
"updatedAt": "2026-02-17T14:30:00Z"
}
Response - Newly Created (Not Yet Verified)
{
"id": "9e1f8891-9647-62g1-d069-g29ge3h12cg9",
"name": "Azure Subscription",
"provider": "AZURE",
"credentialType": "SERVICE_PRINCIPAL",
"isValid": null,
"lastVerifiedAt": null,
"verificationError": null,
"createdAt": "2026-02-18T12:40:00Z",
"updatedAt": "2026-02-18T12:40:00Z"
}
Notes
- Credential secrets (API keys, access keys, service account JSON) are never returned
- Credentials are scoped to your organization - you can only access credentials belonging to your organization
- The
isValidfield indicates whether the credential works:true- Last verification succeededfalse- Last verification failed (checkverificationErrorfor details)null- Never verified (newly created credentials)
- Credentials are automatically verified asynchronously after creation
- Invalid credentials will prevent resources linked to them from being used in sessions
- Check this endpoint after creating a credential to see verification status
Verification Status
The verification status helps you understand if your credentials are working:
isValid | verificationError | Meaning |
|---|---|---|
true | null | Credential is valid and working |
false | Error message | Credential failed verification - see error for details |
null | null | Credential not yet verified (just created) |
Common Verification Errors
| Provider | Error | Solution |
|---|---|---|
| AWS | InvalidClientTokenId | Access Key ID is invalid or doesn't exist |
| AWS | SignatureDoesNotMatch | Secret Access Key is incorrect |
| AWS | UnauthorizedOperation | IAM policy doesn't allow required EC2 operations |
| GCP | invalid_grant | Service account key is invalid or revoked |
| GCP | Permission denied | Service account lacks required compute permissions |
| Azure | InvalidAuthenticationToken | Client secret is invalid or expired |
| Azure | AuthorizationFailed | Service principal lacks Network Contributor role |