Credentials

Store secrets and read credential metadata; secret values are never readable by applets.

Applets can store a secret and read credential metadata, but they can never read a secret value back. Secret material stays in the host’s encrypted credential store and is injected at the point of use (for example, the auth header in ctx.sdk.http.requestAuthed), so it never crosses into the bundle. To obtain and store a token, use the OAuth flow.

Scope required: credentials:read (metadata) / credentials:store

Secrets are not readable

By design, credentials are never per-applet and are never handed back to applet code. There is no get call that returns a secret value. When you complete an OAuth flow, the access token is returned exactly once, for the setup call; after that the bundle should not hold it. Read it implicitly via requestAuthed, which pulls fresh from the credential store on every request.

// After this, the bundle should NOT hold accessToken. Read via
// requestAuthed instead, which pulls fresh from the credential store
// on every request.
const res = await ctx.sdk.http.requestAuthed({
  resourceId,
  method: "GET",
  path: "shop.json",
});

Storing a secret

Secrets are written through the OAuth Authorization Code flow, which performs the token exchange host-side and stores the result in the credential store. The bundle declares where the token lands via storeAs; it never sees the verifier or the stored value afterward.

const result = await ctx.sdk.oauth.completeAuthCodeFlow({
  // ...authorize + exchange config...
  storeAs: {
    source: "websiteCredential",
    key: `shopify:${resourceId}`,       // bundle owns naming
    provider: "shopify",                // optional tag
  },
});
// result.accessToken is returned ONCE for setup; do not retain it.

See OAuth for the full flow.
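As an added illustration of the boundary described in the two sections above (this is a constructed model, not the SDK's own code), the host owns the credential store and the bundle only ever sees the storeAs key and the HTTP response. Assumptions: the host resolves a resourceId to the key shopify:${resourceId}, a hypothetical metadata-only credentials.list() stands for the credentials:read surface, and exchangeCode/transport stand in for the host's token exchange and HTTP client.

```javascript
// Constructed model of the host/bundle boundary; not the real SDK.
// Assumption: the host maps resourceId -> credential key `shopify:${resourceId}`.
function createHost(exchangeCode, transport) {
  const store = new Map(); // host-side store: key -> { accessToken, provider }
  const sdk = {
    oauth: {
      // Token exchange runs host-side; the result is stored under storeAs.key and
      // the access token is handed back exactly once, for the setup call.
      async completeAuthCodeFlow({ code, storeAs }) {
        const accessToken = await exchangeCode(code);
        store.set(storeAs.key, { accessToken, provider: storeAs.provider });
        return { accessToken };
      },
    },
    http: {
      // The secret is pulled from the store at the point of use and injected into
      // the Authorization header; the bundle only receives the response.
      async requestAuthed({ resourceId, method, path }) {
        const cred = store.get(`shopify:${resourceId}`);
        if (!cred) throw new Error(`no credential for resource ${resourceId}`);
        const headers = { Authorization: `Bearer ${cred.accessToken}` };
        return transport({ method, path, headers });
      },
    },
    credentials: {
      // Hypothetical credentials:read surface: metadata only, never the secret.
      list() {
        return [...store.entries()].map(([key, c]) => ({ key, provider: c.provider }));
      },
    },
  };
  return { sdk };
}

// Bundle-side code: complete setup, then call through requestAuthed. Nothing from
// the setup result is retained after this function returns.
async function appletSetupAndFetch(ctx, resourceId, code) {
  await ctx.sdk.oauth.completeAuthCodeFlow({
    code,
    storeAs: { source: "websiteCredential", key: `shopify:${resourceId}`, provider: "shopify" },
  });
  return ctx.sdk.http.requestAuthed({ resourceId, method: "GET", path: "shop.json" });
}

// Constructed driver: a fake exchange and a transport that records what the host sent.
async function demo() {
  const sent = [];
  const fakeExchange = async (code) => `tok-for-${code}`;
  const fakeTransport = async (req) => { sent.push(req); return { status: 200 }; };
  const ctx = createHost(fakeExchange, fakeTransport);
  const res = await appletSetupAndFetch(ctx, "store-1", "code-xyz");
  return { status: res.status, authHeader: sent[0].headers.Authorization, metadata: ctx.sdk.credentials.list() };
}
```

Only the transport, which runs host-side, ever observes the bearer value; the bundle's appletSetupAndFetch returns the response and nothing else.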

Manifest configuration

{
  "scopes": [
    "credentials:read",
    "credentials:store"
  ]
}

Notes

  • Applets cannot read, list, or enumerate stored secret values. credentials:read grants metadata only; secrets stay in the host.
  • The access token from completeAuthCodeFlow is returned once for the setup call. After that, read it implicitly through requestAuthed rather than retaining it.
  • Per-applet credential storage is a deprecated legacy surface. New applets store secrets through the OAuth flow and consume them through requestAuthed.
  • For non-secret state, use key-value storage instead.