> ## Documentation Index > Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Create Credential > CreateCredential creates a new client credential for a service principal. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/service_principals/{service_principal_id}/credentials openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/service_principals/{service_principal_id}/credentials: post: tags: - Service Principal summary: Create Credential description: >- CreateCredential creates a new client credential for a service principal. operationId: c1.api.service_principal.v1.ServicePrincipalService.CreateCredential parameters: - in: path name: service_principal_id required: true schema: description: The service principal ID to create the credential for. type: string requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.service_principal.v1.ServicePrincipalServiceCreateCredentialRequestInput responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.service_principal.v1.ServicePrincipalServiceCreateCredentialResponse description: Successful response x-codeSamples: - lang: go label: CreateCredential source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/operations\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.Principal.CreateCredential(ctx, operations.C1APIServicePrincipalV1ServicePrincipalServiceCreateCredentialRequest{\n ServicePrincipalID: \"\",\n })\n if err != nil {\n log.Fatal(err)\n }\n if res.ServicePrincipalServiceCreateCredentialResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.principal.createCredential({ servicePrincipalId: "", }); console.log(result); } run(); components: schemas: c1.api.service_principal.v1.ServicePrincipalServiceCreateCredentialRequestInput: description: The ServicePrincipalServiceCreateCredentialRequest message. properties: allowSourceCidrs: description: |- A list of CIDRs to restrict this credential to. Accepts IPv4 (e.g. 10.0.0.0/24) or IPv6 (e.g. 2001:db8::/32) CIDRs. items: type: string type: - array - 'null' displayName: description: The display name for the new credential. type: - string - 'null' expires: format: duration type: - string - 'null' requireDpop: description: >- If true, requires DPoP proof-of-possession for token exchange using this credential. type: - boolean - 'null' scopedRoles: description: The list of roles to restrict the credential to. items: type: string type: - array - 'null' title: Service Principal Service Create Credential Request type: object x-speakeasy-name-override: ServicePrincipalServiceCreateCredentialRequest c1.api.service_principal.v1.ServicePrincipalServiceCreateCredentialResponse: description: The ServicePrincipalServiceCreateCredentialResponse message. properties: clientSecret: description: >- The client secret. Shown exactly once at creation -- cannot be retrieved again. type: - string - 'null' credential: oneOf: - $ref: >- #/components/schemas/c1.api.service_principal.v1.ServicePrincipalCredential - type: 'null' title: Service Principal Service Create Credential Response type: object x-speakeasy-name-override: ServicePrincipalServiceCreateCredentialResponse c1.api.service_principal.v1.ServicePrincipalCredential: description: >- ServicePrincipalCredential represents a client credential for a service principal. properties: allowSourceCidrs: description: CIDR restrictions for this credential. items: type: string readOnly: true type: - array - 'null' clientId: description: >- The full client ID in format: ${cutename}@${tenant}.${installation}/spc readOnly: true type: - string - 'null' createdAt: format: date-time readOnly: true type: - string - 'null' displayName: description: The display name of the credential. type: - string - 'null' expiresAt: format: date-time readOnly: true type: - string - 'null' id: description: The unique ID of the credential (cutename format). readOnly: true type: - string - 'null' lastUsedAt: format: date-time readOnly: true type: - string - 'null' requireDpop: description: Whether DPoP proof-of-possession is required for this credential. readOnly: true type: - boolean - 'null' scopedRoleIds: description: >- Scoped role IDs for this credential (intersection with SP roles at token issuance). items: type: string readOnly: true type: - array - 'null' servicePrincipalId: description: The service principal user ID this credential belongs to. readOnly: true type: - string - 'null' title: Service Principal Credential type: object x-speakeasy-name-override: ServicePrincipalCredential securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````