> ## Documentation Index
> Fetch the complete documentation index at: https://docs.akua.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Create registry credential

> Adds a registry credential to the workspace for OCI proxy authentication.



## OpenAPI

````yaml /openapi-public.json post /registry_connections
openapi: 3.1.0
info:
  title: Akua API
  version: 1.0.0
  description: >-
    Public API for managing Akua workspaces, clusters, products, and installs.


    Authenticate with a workspace API token via the `Authorization: Bearer
    sk_akua_...` header.


    A workspace-owned token implies its workspace. Broad tokens select the
    active workspace via the optional `Akua-Context` header.
  contact:
    name: Akua API support
    email: support@akua.dev
    url: https://akua.dev/docs
servers:
  - url: https://api.akua.dev/v1
    description: Production
security: []
tags:
  - name: Auth
    description: Authentication and token management.
  - name: Agents
    description: Agent identities and configuration.
  - name: Agent sessions
    description: Durable agent conversations and tasks.
  - name: Agent turns
    description: Submitted agent work and event emission.
  - name: Agent events
    description: Normalized agent event history and streams.
  - name: Custom domains
    description: Workspace custom domains and routing targets.
  - name: Cloudflare
    description: Cloudflare account credentials and gateway control.
  - name: Clusters
    description: Kubernetes clusters and cluster access operations.
  - name: ComputeConfigs
    description: Workspace compute provider configurations.
  - name: Entitlements
    description: Effective workspace capabilities and limits.
  - name: Dashboards
    description: Dashboard and widget resources.
  - name: Installs
    description: Installation and render operations.
  - name: Machines
    description: Compute machines and lifecycle events.
  - name: Notifications
    description: User notification state.
  - name: Offer Channels
    description: Private offer channels and policy versions.
  - name: Offers
    description: Marketplace offers and redemption tracking.
  - name: Operations
    description: Long-running operation status and controls.
  - name: Order Drafts
    description: Draft checkout orders and checkout sessions.
  - name: Organizations
    description: Organizations, memberships, and managed workspaces.
  - name: Packages
    description: Software packages, versions, and input schemas.
  - name: Products
    description: Marketplace product catalog resources.
  - name: Preview hostnames
    description: Install preview hostnames and routing state.
  - name: Quotas
    description: Workspace quota limits and usage.
  - name: Regions
    description: Available deployment regions.
  - name: Registry
    description: Container registry credentials and repositories.
  - name: Repository change requests
    description: Fork-backed repository change reviews and lifecycle actions.
  - name: Repositories
    description: Source repositories available to the workspace.
  - name: Secrets
    description: Workspace secrets and secret versions.
  - name: Snippets
    description: Reusable snippets and snippet runs.
  - name: Workspace subdomains
    description: Workspace subdomain identity.
  - name: Workspaces
    description: Workspace resources, members, and billing state.
paths:
  /registry_connections:
    post:
      tags:
        - Registry
      summary: Create registry credential
      description: >-
        Adds a registry credential to the workspace for OCI proxy
        authentication.
      operationId: registry.createCredential
      parameters:
        - schema:
            type: string
            minLength: 1
            maxLength: 53
            description: >-
              Optional workspace/scope context for the request. Carries a single
              workspace wire id (`ws_…`) today. Only needed for broad tokens — a
              workspace-owned token implies its workspace.
            example: ws_j572abc123def456
          required: false
          description: >-
            Optional workspace/scope context for the request. Carries a single
            workspace wire id (`ws_…`) today. Only needed for broad tokens — a
            workspace-owned token implies its workspace.
          name: akua-context
          in: header
        - schema:
            type: string
            minLength: 1
            maxLength: 64
            description: >-
              Optional caller-supplied idempotency key. Any non-empty key up to
              64 characters is accepted. Endpoint-specific documentation
              describes how the key is used.
            example: create-prod-2026-05-07
          required: false
          description: >-
            Optional caller-supplied idempotency key. Any non-empty key up to 64
            characters is accepted. Endpoint-specific documentation describes
            how the key is used.
          name: idempotency-key
          in: header
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                name:
                  type: string
                  minLength: 1
                  maxLength: 100
                  example: GitHub Container Registry
                registry_url:
                  type: string
                  minLength: 1
                  maxLength: 2048
                  example: ghcr.io
                type:
                  type: string
                  enum:
                    - basic
                    - token
                    - oauth
                  description: Authentication scheme used to talk to the upstream registry.
                credentials:
                  type: object
                  properties:
                    username:
                      type: string
                      minLength: 1
                      maxLength: 200
                      description: Username for basic auth
                    password:
                      type: string
                      minLength: 1
                      maxLength: 500
                      description: Password for basic auth
                    token:
                      type: string
                      minLength: 1
                      maxLength: 2000
                      description: Bearer token for token auth
                    client_id:
                      type: string
                      minLength: 1
                      maxLength: 200
                      description: Client ID for OAuth
                    client_secret:
                      type: string
                      minLength: 1
                      maxLength: 500
                      description: Client secret for OAuth
                    token_url:
                      type: string
                      minLength: 1
                      maxLength: 2048
                      description: Token endpoint URL for OAuth
                  description: Auth credentials (type-dependent)
              required:
                - name
                - registry_url
                - type
                - credentials
              additionalProperties: false
      responses:
        '201':
          description: Credential created
        '400':
          description: Bad request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiErrorResponse'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiErrorResponse'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiErrorResponse'
        '409':
          description: Conflict
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiErrorResponse'
        '422':
          description: Unprocessable entity
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiErrorResponse'
      security:
        - BearerAuth: []
components:
  schemas:
    ApiErrorResponse:
      type: object
      properties:
        success:
          type: boolean
          enum:
            - false
        errors:
          type: array
          items:
            $ref: '#/components/schemas/ApiErrorEntry'
        result:
          type: object
          properties: {}
          description: Always empty for error responses
      required:
        - success
        - errors
        - result
    ApiErrorEntry:
      type: object
      properties:
        code:
          type: integer
          example: 7002
          description: Machine-readable error code
        message:
          type: string
          example: Resource not found
          description: Human-readable error message
        path:
          type: array
          items:
            type: string
          example:
            - body
            - name
          description: Field path that caused the error, when applicable
        metadata:
          type: object
          additionalProperties:
            type: string
      required:
        - code
        - message
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: >-
        workspace API token (sk_akua_...) or OAuth2 JWT. Create tokens at
        https://akua.dev/developers/api-tokens

````