List providers
Response
Provider responses never include credentials. The
api_key or secret used to authenticate with the upstream provider is stored encrypted and is write-only from the API’s perspective.Create or upsert a provider
| Field | Type | Required | Description |
|---|---|---|---|
kind | string | yes | Provider type (polygon, fmp, …). |
label | string | yes | Human-readable label. |
credentials | object | yes | Upstream credentials. Stored encrypted; never returned. |
kind + label exists, it is upserted (credentials replaced). Requires the providers:write scope.
Response
credentials is not in the response.
List dataset snapshots
Response
Security
- Credentials are stored encrypted at rest.
- The API never returns credentials, even to the principal that created them.
- Credential updates are auditable (who, when) but the credential value itself is not logged.
Related
- Scopes — the
providers:writecapability - Tenant isolation — providers are tenant-scoped