Create integration credentials

Create new integration credentials for connecting to external services.

Stores encrypted credentials for connecting to third-party services like Google Drive, SharePoint, SFTP servers, or PostgreSQL databases. Credentials are encrypted at rest using AES-256-GCM and scoped to the user's organization for security isolation.

Context: This endpoint is the primary mechanism for establishing connections to external integrations. After credentials are created, they can be used in: - Flow tasks that require external data sources (file inputs, database queries) - Webhook subscriptions for real-time data synchronization - Batch data imports from cloud storage providers - Database query operations within workflow executions - OAuth-based integrations (after completing OAuth flow first)

Credentials are never stored in plaintext and cannot be retrieved after creation.
For OAuth providers (Google, SharePoint), complete the authorization flow first,
then the callback handler automatically creates credentials.

Use Cases: Create SFTP credentials for connecting to a file server to download CSV files in a workflow.

Store PostgreSQL database credentials to enable SQL query tasks in flows.

After testing connection with POST /integrations/sftp/test-connection, create permanent credentials.

Related Endpoints: - POST /integrations/sftp/test-connection - Test SFTP credentials before saving - POST /integrations/postgres/test-connection - Test PostgreSQL credentials before saving - GET /integrations/google/authorize - Initiate Google OAuth flow - GET /integrations/sharepoint/authorize - Initiate SharePoint OAuth flow - GET /integrations/credentials - List all user credentials - GET /integrations/credentials/{credential_id} - Get specific credential metadata - DELETE /integrations/credentials/{credential_id} - Delete credential - PATCH /integrations/credentials/{credential_id} - Update credential

Security: - Credentials are encrypted using Fernet (AES-256-GCM) before database storage - Encryption keys are managed via environment variables and never exposed via API - Passwords, private keys, and tokens are never logged or included in API responses - Credentials are scoped to organization with strict isolation enforced at query level - OAuth tokens are automatically refreshed when expired (no user action required) - Audit trail: Created timestamps and user associations tracked for compliance

Notes: - Always test credentials before creating them (use test-connection endpoints) - OAuth credentials require completing the OAuth authorization flow first - Maximum 50 credentials per provider per organization (contact support for higher limits) - Credentials cannot be retrieved in plaintext after creation (security by design) - For SFTP key_file authentication, ensure private key is in valid PEM format - PostgreSQL connection_string takes precedence over individual connection fields