How to use scenario secrets in Send Request
In Scenario Builder, a Send Request node can take secrets from Scenario secrets (Settings) by inserting a secret reference into the URL, headers, or body — without typing a token or password manually.
When you need this
- An API needs Bearer/Basic/API key in the URL, a header, or JSON body, and the key is already saved under Scenario secrets.
- You need one key in the query string (
?token=…) and another in the Authorization header. - After rotating a key in Settings, scenarios should keep working without editing every node.
What to know
- The capability is enabled by the instance administrator (feature toggles in Instance settings). Without it, insert buttons do not appear — use Basic/Bearer as before.
- The scenario stores a reference (a text marker), not the secret value. Decryption happens only on the server when the request runs.
- Send Request UI buttons:
- Insert auth header — adds authentication to the Authorization header.
- Insert secret reference — inserts a field from the selected secret into the URL, header value, or body.
- Add non-secret headers (client id, locale) manually with
{{variable}}placeholders. - Older nodes with a Credential dropdown or Basic/Bearer in parameters still work — you do not need to change them unless you want to migrate.
Before you start
An administrator enabled Scenario secrets and created the record (see manage scenario secrets). The record’s Allowed consumers include Send Request. You can edit the scenario in Scenario Builder. The scenario has an Action → Send Request node.
Step-by-step
1. Open Send Request configuration
- Click the Action node with the Send Request template on the canvas.
- In Node Inspector (right panel), use Form mode when the form/JSON toggle is available.
2. Insert a secret into the URL (optional)
- In the Method + URL block, click the key icon next to the URL field (Insert secret reference).
- Pick the record and field (for example, API key value).
- The marker is inserted into the URL — typically for a query parameter like
?token=….
3. Set authentication in headers
- In the Headers block, click Insert auth header.
- The system adds an Authorization header with a reference to the selected secret (Bearer or Basic).
- For an API key in a custom header, use Insert secret reference on that header’s value.
4. Insert a secret into the body (optional)
- In the Body block, choose the format (JSON, form data, etc.).
- For JSON — Insert secret reference in the body editor; for key/value pairs — key icon on the value field.
- Use for
client_secret, tokens in JSON body, and form fields.
5. Save and test
- Click Save on the scenario.
- Run scenario test or verify on a staging instance.
- On auth errors, check record type, Rotate secret, or allowed actions in Settings.
Older nodes (Credential field or Basic/Bearer)
- Credential dropdown — legacy UX; configure new nodes with field insertion.
- Basic auth / Bearer auth without saved secrets — behave as before Scenario secrets.
- A Legacy auth info block shows existing old fields without changing them automatically.
Scenario import
If import warns about a missing secret, create a record with the required slug in Settings or pick another record in the node. Inline markers are matched by slug on the target instance.