> ## Documentation Index > Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt > Use this file to discover all available pages before exploring further. # Create Credential > CreateCredential creates a new client credential for a service principal. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/service_principals/{service_principal_id}/credentials openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/service_principals/{service_principal_id}/credentials: post: tags: - Service Principal summary: Create Credential description: >- CreateCredential creates a new client credential for a service principal. operationId: c1.api.service_principal.v1.ServicePrincipalService.CreateCredential parameters: - in: path name: service_principal_id required: true schema: description: The service principal ID to create the credential for. readOnly: false type: string requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.service_principal.v1.ServicePrincipalServiceCreateCredentialRequestInput responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.service_principal.v1.ServicePrincipalServiceCreateCredentialResponse description: Successful response x-codeSamples: - lang: go label: CreateCredential source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/operations\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.Principal.CreateCredential(ctx, operations.C1APIServicePrincipalV1ServicePrincipalServiceCreateCredentialRequest{\n ServicePrincipalID: \"\",\n })\n if err != nil {\n log.Fatal(err)\n }\n if res.ServicePrincipalServiceCreateCredentialResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.principal.createCredential({ servicePrincipalId: "", }); console.log(result); } run(); components: schemas: c1.api.service_principal.v1.ServicePrincipalServiceCreateCredentialRequestInput: description: The ServicePrincipalServiceCreateCredentialRequest message. properties: allowSourceCidrs: description: |- A list of CIDRs to restrict this credential to. Accepts IPv4 (e.g. 10.0.0.0/24) or IPv6 (e.g. 2001:db8::/32) CIDRs. items: type: string nullable: true readOnly: false type: array displayName: description: The display name for the new credential. readOnly: false type: string expires: format: duration readOnly: false type: string requireDpop: description: >- If true, requires DPoP proof-of-possession for token exchange using this credential. readOnly: false type: boolean scopedRoles: description: The list of roles to restrict the credential to. items: type: string nullable: true readOnly: false type: array title: Service Principal Service Create Credential Request type: object x-speakeasy-name-override: ServicePrincipalServiceCreateCredentialRequest c1.api.service_principal.v1.ServicePrincipalServiceCreateCredentialResponse: description: The ServicePrincipalServiceCreateCredentialResponse message. properties: clientSecret: description: >- The client secret. Shown exactly once at creation -- cannot be retrieved again. readOnly: false type: string credential: $ref: >- #/components/schemas/c1.api.service_principal.v1.ServicePrincipalCredential title: Service Principal Service Create Credential Response type: object x-speakeasy-name-override: ServicePrincipalServiceCreateCredentialResponse c1.api.service_principal.v1.ServicePrincipalCredential: description: >- ServicePrincipalCredential represents a client credential for a service principal. properties: allowSourceCidrs: description: CIDR restrictions for this credential. items: type: string nullable: true readOnly: true type: array clientId: description: >- The full client ID in format: ${cutename}@${tenant}.${installation}/spc readOnly: true type: string createdAt: format: date-time readOnly: true type: string displayName: description: The display name of the credential. readOnly: false type: string expiresAt: format: date-time readOnly: true type: string id: description: The unique ID of the credential (cutename format). readOnly: true type: string lastUsedAt: format: date-time readOnly: true type: string requireDpop: description: Whether DPoP proof-of-possession is required for this credential. readOnly: true type: boolean scopedRoleIds: description: >- Scoped role IDs for this credential (intersection with SP roles at token issuance). items: type: string nullable: true readOnly: true type: array servicePrincipalId: description: The service principal user ID this credential belongs to. readOnly: true type: string title: Service Principal Credential type: object x-speakeasy-name-override: ServicePrincipalCredential securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````