Save API key credential

Save an API key credential for a provider that uses api_key auth mode. If profileId is provided, it must belong to the authenticated actor (returns 403 otherwise).

POST/api/connections/connect/{scope}/{name}/api-key

Authorization

better-auth.session_token<token>

Cookie session from Better Auth. Requires X-Org-Id header for org-scoped routes.

In: cookie

Path Parameters

scope*string

Provider scope (e.g. @appstrate)

Match^@[a-z0-9][a-z0-9-]*$

name*string

Provider name (e.g. gmail)

Header Parameters

X-Org-Id?string

Organization ID. Required for cookie auth. Not needed for API key auth (org resolved from key).

Formatuuid

Request Body

application/json

apiKey*string

API key value

profileId?string

Connection profile ID (defaults to user's default profile)

Formatuuid

curl -X POST "https://loading/api/connections/connect/string/string/api-key" \  -H "Content-Type: application/json" \  -d '{    "apiKey": "string"  }'

{
  "success": true
}

{
  "type": "https://docs.appstrate.dev/errors/invalid-request",
  "title": "Invalid Request",
  "status": 400,
  "detail": "Field is required",
  "code": "invalid_request",
  "requestId": "req_abc123"
}

{
  "type": "https://docs.appstrate.dev/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Invalid or missing session",
  "code": "unauthorized",
  "requestId": "req_abc123"
}

{
  "type": "https://docs.appstrate.dev/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "Insufficient permissions",
  "code": "forbidden",
  "requestId": "req_abc123"
}