As organizations continue to grow, managing access credentials by the IT teams to authenticate requests to their third-party tools has become a productivity killer. IT teams must constantly check for the token changes and update them manually across all the workflows, which is time-consuming.

With the Centralized Credential Store,

  • Manage and reference your credentials easily while triggering webhooks or invoking web requests nodes.

  • Update your changes in the credentials store and have them reflected across all the workflows.

  • Perform any third-party calls irrespective of the authentication mechanism like OAuth 2.0, API key, and much more.

 Creating a new Credential 

 1. Navigate to Admin → Automation & Productivity → Credentials

 2. Click on New Credential .

3. Enter a Name and select the respective Authentication Type for your Credential.

Authentication Type



Basic Auth

Username: Email address

Password: Password

Use Basic Auth type when your request involves sending a verified username and password.

Note: Freshservice API key authentication can be achieved by using basic auth with the following values.

Username: <API key>

Password: x

API key

Key: Authorization key specific to 3rd party

Value: API key

Use API key type to perform actions on applications that require an API key to authorize.

No Auth


Use No Auth type when your request does not require authorization. 

OAuth 2.0

Grant Type: The options depend on the API service provider requirements

  1. Authorization code: The authorization code grant type requires the user to authenticate with the provider.

  2.  Client credentials: Client credentials grant type is typically not used to access user data but for data associated with the client application.

Authorization URL: The endpoint for the API provider authorization server to retrieve the auth code.

Access Token URL: The provider's authentication server to exchange an authorization code for an access token.

Client ID: The ID for your client application registered with the API provider.

Client Secret: The client secret given to you by the API provider.

Scope: The scope of access you are requesting, which may include multiple space-separated values.

Client Authentication: A dropdown—send a Basic Auth request in the header or client credentials in the request body.

Use OAuth type when you need to provide client applications with secure delegated access.

OAuth 2.0, you first retrieve an access token for the API, then use that token to authenticate future requests.

For apps that require redirect URL, use the below format https://<>



4. Update the required details for each type and click on Save.

5. You can now reference your credentials from workflows while triggering webhooks or invoking web request nodes.