Vault API

The Nayker Vault handles secure credential storage and automatic OAuth token refresh. Agents never see the long-lived refresh tokens; they only request short-lived access tokens right before execution.

Requesting Tokens

When an agent needs to access a third-party service, it requests a token from the Vault. If the access token is expired, Nayker automatically handles the OAuth refresh cycle before returning the new token.

TypeScript

// Fetch a valid Stripe token from the vault
const token = await nayker.vault.getToken('stripe_prod_account');

const response = await fetch('https://api.stripe.com/v1/customers', {
  headers: { 'Authorization': `Bearer ${token.access_token}` }
});

Python

# Fetch a valid Stripe token from the vault
token = nayker.vault.get_token('stripe_prod_account')

response = requests.get(
    'https://api.stripe.com/v1/customers',
    headers={'Authorization': f'Bearer {token.access_token}'}
)

Response Object

{
  "provider": "stripe",
  "access_token": "rk_live_abc123...",
  "expires_in": 3600,
  "scopes": ["read_write"]
}

Common Errors

vault_not_found: The requested credential key does not exist.
oauth_refresh_failed: The underlying refresh token was revoked by the user at the third-party provider. Manual re-authentication required.

← Previous: Policies Next: Workflows →