Secrets for System Integration via API
Secrets are a feature for securely managing credentials required when integrating with external services or internal systems.
API keys, connection strings, and OAuth client secrets are stored encrypted and can be safely referenced from within API definitions.
Common Use Cases
| Use Case | Examples |
|---|---|
| Requests to external APIs | Slack Webhook URL, payment service API key |
| External database connections | Connection strings (PostgreSQL, MySQL, etc.) |
| OAuth client authentication | Client ID and client secret |
| Email sending services | SMTP credentials, SendGrid API key |
Steps to Register a Secret
- Select a team in the console.
- Open the "Secrets" menu.
- Click "Add New Secret".
- Fill in the following fields:
| Field | Description |
|---|---|
| Key Name | The name used to reference the secret in API definitions (e.g., SLACK_WEBHOOK_URL) |
| Value | The actual secret value (cannot be viewed after saving) |
| Description (optional) | A note about the purpose of this secret |
- Click "Save".
Caution
Once saved, the secret value cannot be viewed in the console.
Back it up in a secure location beforehand if needed.
How to Reference a Secret
Registered secrets can be referenced as environment variables inside the custom code (Embed Code) of a MicroService API.
// Example: referencing the secret "SLACK_WEBHOOK_URL"
const webhookUrl = process.env.SLACK_WEBHOOK_URL;
Updating or Deleting a Secret
- Update: Select the target key from the secrets list, enter a new value, and save.
- Delete: Delete the target secret from the secrets list. Note that any API referencing the deleted key will stop functioning.