Help Search

Create a resource

To create a new Resource, make a POST request to /resources.json with the encrypted secret data in request body. You must encrypt the data with the current user public key. And a valid request body will look like:

POST /resources.json?api-version=v2
  "name": "<string>",
  "description": "<string>",
  "secrets": [{
    "user_id": "<UUID>",
    "data": "<encrypted_password>"

Note: even if secrets is an array, you can only push the secret for the current user at the moment.


The request body expects the following parameters:

Parameter Description Required Validation Constraints
name Name for the new resource. Yes Valid utf8 string.
Must not exceed 64 characters.
Empty string not allowed.
description Description for the new resource. No Valid utf8 string.
Must not exceed 10000 characters
username Username for this login No Valid utf8 string.
Must not exceed 64 characters
uri URI/URL for the new resource. String Valid utf8 string.
Must not exceed 1024 characters.
secrets An array of secrets in object format Array Exactly one secret must be provided.
secrets.user_id User ID of the user String UUID Encrypted password. String Valid ASCII Armored OpenPGP block

Possible Responses

Code Description
200 OK
The Resource was created. The response body will contain the newly created resource object.
400 Bad Request
Some of the data validation failed.
403 Authentication Failure
The user making the request is not authenticated


Valid request

  "name": "Apple developer ID",
  "description": "Official apple account to publish apps on the app store",
  "secrets": [{
    "user_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "data": "<encrypted_password>"

Success response

A successful request will return a json response like below:

    "header": {
        "id": "799c69c7-1789-4d87-9fbf-02529b0d21dc",
        "status": "success",
        "servertime": 1554909967,
        "title": "app_secrets_view_success",
        "action": "ad71952e-7842-599e-a19e-3a82e6974b23",
        "message": "The operation was successful.",
        "url": "\/secrets\/resource\/8e3874ae-4b40-590b-968a-418f704b9d9a.json?api-version=v2",
        "code": 200
    "body": {
        "id": "eede75ff-316a-511c-8317-51e8339b6dcc",
        "user_id": "f848277c-5398-58f8-a82a-72397af2d450",
        "resource_id": "8e3874ae-4b40-590b-968a-418f704b9d9a",
        "data": "-----BEGIN PGP MESSAGE-----",
        "created": "2019-04-04T12:06:50+00:00",
        "modified": "2019-04-04T12:06:50+00:00"

Error response

A request must pass all the validation checks. For example sending a blank request body will return

    "header": {
        "id": "965c9f17-18ae-48fd-a36e-e42f04a30442",
        "status": "error",
        "servertime": 1554907648,
        "title": "app_resources_add_error",
        "action": "ad8bbc35-6435-538e-b1a7-80b87bcedb6a",
        "message": "Could not validate resource data.",
        "url": "\/resources.json?api-version=v2",
        "code": 400
    "body": {
        "name": {
            "_required": "A name is required."
        "secrets": {
            "_required": "A secret is required."

Last updated

This article was last updated on April 23rd, 2019.

If you are familiar with the high level API concepts and only looking for the endpoint implementation details, there is a repository with the latest OpenAPI 2.0 specifications (compatible with Swagger).

OpenAPI Specs