> ## Documentation Index
> Fetch the complete documentation index at: https://docs.apyguard.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Credentials

> Manage API credentials in ApyGuard for token-based, login-based, OIDC, and OAuth2 authentication workflows.

## Overview

Credentials store the access details ApyGuard needs for authenticated testing. They can represent user identities, service identities, API keys, or OAuth client applications.

<CardGroup cols={2}>
  <Card title="Password credentials" icon="user">
    Use username and password combinations for login-based authentication flows.
  </Card>

  <Card title="API key credentials" icon="key-square">
    Store API keys or related identifiers used for static token authentication.
  </Card>

  <Card title="OIDC credentials" icon="shield-check">
    Save client ID, client secret, and scopes for OpenID Connect flows.
  </Card>

  <Card title="OAuth2 credentials" icon="key-round">
    Create password grant or client credentials grant records for OAuth2 authentication.
  </Card>
</CardGroup>

## What to include

* Role name
* Description
* Environment-appropriate secrets
* Scope values when needed
* Whether the credential should be used for authenticated testing
  <Frame>
    <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-11.23.16.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=238f107786a48f285324832ed1a8f3e5" alt="Screenshot 2026 05 12 At 11 23 16" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-11.23.16.png" />
  </Frame>
  <Frame>
    <img src="https://mintcdn.com/apyguard-390a5608/qk85_EKOZHWubuMo/images/Screenshot-2026-05-12-at-11.23.23.png?fit=max&auto=format&n=qk85_EKOZHWubuMo&q=85&s=5668c34c43cb506c095037d4d8dae446" alt="Screenshot 2026 05 12 At 11 23 23" width="1911" height="899" data-path="images/Screenshot-2026-05-12-at-11.23.23.png" />
  </Frame>

## Best practices

* Use descriptive roles like `Admin`, `Support`, or `Integration Bot`
* Keep descriptions clear so scan results are easy to interpret
* Separate credentials by environment
* Review and rotate credentials after security changes

## Related pages

* [Authorization Settings](/core-workflows/authorization-settings)
* [Authentication Overview](/authentication/overview)
* [Predefined Token](/authentication/predefined-token)
