Create a static API-token credential
Creates a system.credential of kind: api_token carrying an upstream service’s API base URL + the user-supplied bearer token (encrypted at rest). The resulting credential id is passed as credential_ref on subsequent POST /connections/install calls.
For integrations whose upstream uses a static bearer (Todoist, Readwise, Raindrop, etc) rather than the OAuth dance. The connection proxy stamps the bearer transparently on every call; there is no refresh primitive — when the upstream rejects the token (401), the proxy surfaces 401 and emits a system.activity of severity action_required asking the operator to reinstall with a fresh token.
The bearer is encrypted server-side under the connectionOauthToken HKDF domain (AES-256-GCM) — same encryption domain that protects OAuth client secrets and access/refresh tokens. The plaintext is never returned by any read path.
Tenant-scoped: the credential is created in the calling key’s tenant.
Documentation Index
Fetch the complete documentation index at: https://docs.myme.so/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Pass an API key (marfa_k1_...) or OAuth access token (marfa_at_...)
Body
Response
Credential created. Returns the new credential's id for use as credential_ref on install.