Skip to main content
POST
/
v1
/
organizations
/
secrets
Create Secret
curl --request POST \
  --url https://api.mixpeek.com/v1/organizations/secrets \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "secret_name": "<string>",
  "secret_value": "<string>"
}
'
{
  "secret_name": "<string>",
  "created": true,
  "updated": true,
  "deleted": true
}

Headers

Authorization
string
required

REQUIRED: Bearer token authentication using your API key. Format: 'Bearer sk_xxxxxxxxxxxxx'. You can create API keys in the Mixpeek dashboard under Organization Settings.

Body

application/json

Request to create a new secret in the organization vault.

Secrets are encrypted at rest using Fernet encryption and stored in the organization document. Use secrets to securely store API keys, tokens, and credentials for external services.

Use Cases:

  • Store API keys for Stripe, GitHub, OpenAI, etc.
  • Manage authentication tokens for api_call retriever stage
  • Store credentials for third-party integrations

Security:

  • Secret values are encrypted using ENCRYPTION_KEY from environment
  • Decrypted values are NEVER returned in API responses
  • Only secret names are exposed in list operations
  • Access is logged for audit trail

Requirements:

  • secret_name: REQUIRED, must be unique within organization
  • secret_value: REQUIRED, plaintext value to encrypt

Permissions: Requires ADMIN permission to create secrets.

secret_name
string
required

REQUIRED. Name/key for the secret. Use descriptive names that indicate the service and purpose. Must be unique within the organization. Format: lowercase with underscores (e.g., 'stripe_api_key'). Common patterns: '{service}{type}{environment}' like 'stripe_api_key_prod'. This name is used to reference the secret in api_call stage configuration. Examples: 'stripe_api_key', 'github_token', 'openai_api_key', 'weather_api_key'.

Required string length: 1 - 100
secret_value
string
required

REQUIRED. Plaintext secret value to encrypt and store. This value will be encrypted at rest using Fernet encryption. The encrypted value is stored in MongoDB with the organization document. The plaintext value is NEVER logged or exposed in API responses. Only the secret name is visible when listing secrets. Use this field to store: API keys, tokens, passwords, credentials. Format: any string (will be encrypted as-is). For Basic auth, use format 'username:password'.

Minimum string length: 1

Response

Successful Response

Response for secret operations (NEVER includes actual decrypted value).

This response is returned after creating, updating, or deleting a secret. For security, the actual secret value is NEVER included in API responses. Only the secret name and operation status are returned.

Security:

  • Decrypted secret values are NEVER included
  • Only secret name and operation status returned
  • Actual value only accessible by internal services

Fields:

  • secret_name: Name of the secret that was operated on
  • created: True if secret was created (null for other operations)
  • updated: True if secret was updated (null for other operations)
  • deleted: True if secret was deleted (null for other operations)
secret_name
string
required

Name of the secret that was operated on. This is the same name provided in the request. Use this name to reference the secret in api_call stage configuration.

created
boolean | null

True if this secret was created, null otherwise. Only set for POST /secrets operations.

updated
boolean | null

True if this secret was updated, null otherwise. Only set for PUT /secrets/{name} operations.

deleted
boolean | null

True if this secret was deleted, null otherwise. Only set for DELETE /secrets/{name} operations.