Delete a credential

DELETE

/credentials/{id}

curl --request DELETE \
  --url https://your-org.evershell.ai/v1/credentials/example \
  --header 'Authorization: Bearer <token>'

• Hosted tenant

Permissions: auth:write or auth:write:own.

Removes the credential record and revokes the durable secret in Vault. Workspaces with capabilities that reference the credential by name will fail their auth: transforms on their next call — auth_failures.<name>: auth_unavailable in the audit row.

Authorizations

• bearerAuth

Parameters

Path Parameters

id

required

string

Responses

200

OK

Media type application/json

object

id

required

string

status

required

string

Example

{
  "status": "deleted"
}

400

Validation failure

Media type application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

404

Resource not found in the caller’s org

Media type application/json

object

error

required

object

code

required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string

message

required

Human-readable summary

string

request_id

required

Server-generated request id for correlating logs

string

details

Optional structured context. Validation errors land at details.fields as a per-field map.

object

key

additional properties

any

Example

{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}