Help Search

Create a resource

To create a new Resource, make a POST request to /resources.json with the encrypted secret data in request body. You must encrypt the data with the current user public key. And a valid request body will look like:

POST /resources.json
  "name": "<string>",
  "description": "<string>",
  "secrets": [{
    "data": "<encrypted_data>"

Note: even if secrets is an array, you can only push the secret for the current user at the moment.


The request body expects the following parameters:

Parameter Description Type Required Validation Constraints
name Name for the new resource. String Yes Valid utf8 string.
Must not exceed 64 characters.
Empty string not allowed.
description Description for the new resource. String No Valid utf8 string.
Must not exceed 10000 characters
username Username for this login String No Valid utf8 string.
Must not exceed 64 characters
uri URI/URL for the new resource. String No Valid utf8 string.
Must not exceed 1024 characters.
resource_type_id UUID The resource type id No
secrets An array of secrets in object format Array Yes Exactly one secret must be provided. Encrypted password. String Yes Valid ASCII Armored OpenPGP block

Possible Responses

Code Description
200 OK
The Resource was created. The response body will contain the newly created resource object.
400 Bad Request
Some of the data validation failed.
403 Authentication Failure
The user making the request is not authenticated


Valid request

For example for a resource with encrypted description (assuming the resource_type_id is correct):

POST /resources.json
  "name": "Apple developer ID",
  "resource_type_id": "e2aa01a9-84ec-55f8-aaed-24ee23259339",
  "secrets": [{
    "data": "-----BEGIN PGP MESSAGE-----"

The non encrypted data OpenPGP message would look like:

    "password": "Correct Horse Battery Staple",
    "description": "Official apple account to publish apps on the app store"

Success response

A successful request will return a json response like below:

    "header": {
        "id": "799c69c7-1789-4d87-9fbf-02529b0d21dc",
        "status": "success",
        "servertime": 1554909967,
        "action": "ad71952e-7842-599e-a19e-3a82e6974b23",
        "message": "The operation was successful.",
        "url": "\/secrets\/resource\/8e3874ae-4b40-590b-968a-418f704b9d9a.json",
        "code": 200
    "body": {
        "id": "eede75ff-316a-511c-8317-51e8339b6dcc",
        "user_id": "f848277c-5398-58f8-a82a-72397af2d450",
        "resource_id": "8e3874ae-4b40-590b-968a-418f704b9d9a",
        "resource_type_id": "e2aa01a9-84ec-55f8-aaed-24ee23259339",
        "data": "-----BEGIN PGP MESSAGE-----",
        "created": "2019-04-04T12:06:50+00:00",
        "modified": "2019-04-04T12:06:50+00:00"

Error response

A request must pass all the validation checks. For example sending a blank request body will return

    "header": {
        "id": "965c9f17-18ae-48fd-a36e-e42f04a30442",
        "status": "error",
        "servertime": 1554907648,
        "action": "ad8bbc35-6435-538e-b1a7-80b87bcedb6a",
        "message": "Could not validate resource data.",
        "url": "\/resources.json",
        "code": 400
    "body": {
        "name": {
            "_required": "A name is required."
        "secrets": {
            "_required": "A secret is required."

Last updated

This article was last updated on April 23rd, 2019.

For another perspective on the API you browse the OpenAPI 2.0 specifications using the dedicated API reference site (Swagger UI).

API Reference

You can also find the latest OpenAPI 2.0 specifications directly on the dedicated repository.

OpenAPI Specs repository
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!