Skip to content
Docs
Credentials
Retrieve

Retrieve

API Reference
Organizations
Service Accounts
Credentials

Retrieve

client.organizations.serviceAccounts.credentials.retrieve(stringcredentialID, CredentialRetrieveParams { organization_id, service_account_id, expand, xClientRequestID } params, RequestOptionsoptions?): ServiceAccountCredential { id, client_id, created_at, 4 more }
GET/organizations/{organization_id}/service-accounts/{service_account_id}/credentials/{credential_id}

Get a specific service account credential

ParametersExpand Collapse
credentialID: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1
maxLength255
params: CredentialRetrieveParams { organization_id, service_account_id, expand, xClientRequestID }
organization_id: string

Path param: Organization ID or label identifier

minLength1
maxLength255
service_account_id: string

Path param: Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1
maxLength255
expand?: Array<"permissions" | "total_count">

Query param: Fields to expand in the response. Supports "permissions" to include the permissions field with the caller's permissions for the resource. For list organization identities only, "total_count" populates pagination.total_count with the number of identities matching the same filters as the list (excluding cursor and limit). Other operations ignore expand values they do not use.

Accepts one of the following:
"permissions"
"total_count"
xClientRequestID?: string

Header param: Unique request identifier specified by the originating caller and passed along by proxies.

formatuuid
ReturnsExpand Collapse
ServiceAccountCredential { id, client_id, created_at, 4 more }

Service account credential (without secret)

id: string

Identifier for API resources. A 26-char nanoid (URL/DNS safe).

minLength1
maxLength255
client_id: string

The client ID for authentication

created_at: string

The time the entity was created in utc

formatdate-time
name: string

A name for the entity to be displayed in UI

description?: string

Optional description of the credential

last_used_at?: string

When the credential was last used

formatdate-time
permissions?: Record<string, Record<string, boolean>>

Permissions granted to the authenticated principal for this resource. Only populated when the 'expand[]=permissions' query parameter is provided. Keys are resource types (e.g., "organizations"), values are objects mapping permission names to boolean values indicating if the permission is granted.

Retrieve

import KeycardAPI from '@keycardai/api';

const client = new KeycardAPI();

const serviceAccountCredential = await client.organizations.serviceAccounts.credentials.retrieve(
  'ab3def8hij2klm9opq5rst7uvw',
  { organization_id: 'x', service_account_id: 'ab3def8hij2klm9opq5rst7uvw' },
);

console.log(serviceAccountCredential.id);
{
  "id": "ab3def8hij2klm9opq5rst7uvw",
  "client_id": "A1b2C3d4E5f6G7h8I9j0K",
  "created_at": "2019-12-27T18:11:19.117Z",
  "name": "name",
  "description": "description",
  "last_used_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  }
}
Returns Examples
{
  "id": "ab3def8hij2klm9opq5rst7uvw",
  "client_id": "A1b2C3d4E5f6G7h8I9j0K",
  "created_at": "2019-12-27T18:11:19.117Z",
  "name": "name",
  "description": "description",
  "last_used_at": "2019-12-27T18:11:19.117Z",
  "permissions": {
    "organizations": {
      "read": true,
      "update": true
    },
    "users": {
      "read": true,
      "list": true
    }
  }
}