Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.enneo.ai/llms.txt

Use this file to discover all available pages before exploring further.

Enneo offers a centralized storage for secrets — for example, API tokens, client secrets or basic-auth credentials — which can be referenced in the headers of API call executors via placeholders. Values are masked in the interface and never output in API responses. Secrets are particularly used for direct API call execution (type apiCall), so authentication headers can be set without storing the actual token value in the executor definition.

Managing Secrets

Secrets are managed in the settings under System integration → Secrets. Each entry consists of:
  • Key — the name of the secret, such as MY_API_TOKEN. This name is referenced in the placeholder.
  • Value — the actual value. It is presented masked in the interface and is not included in API responses.
An arbitrary number of secrets can be stored.

Using Secrets in API call executors

In the header values of an API call executor, secrets can be referenced via the placeholder {{secret.KEY}}. When executing the executor, Enneo replaces the placeholder with the stored value. Example header of an API call executor: 
{
  "Authorization": "Bearer {{secret.MY_API_TOKEN}}",
  "X-Api-Key": "{{secret.PARTNER_API_KEY}}",
  "Accept": "application/json"
}
If a secret with the specified key does not exist, the placeholder remains in the header value — the call will therefore typically abort with an authentication error rather than being forwarded with an empty token.
Placeholders are resolved exclusively in header values, not in URL, body, or parameters. Within sandbox executors (type code), secrets can be read via the SDK — see below.

Secrets in the SDK (Sandbox executors type code)

In sandbox executors, the SDK provides the ApiEnneo.getSecret(key) method. It returns the stored value of the secret or null/None if the key is not configured. This way, secrets can be used without storing them in the code. 
token = ApiEnneo.getSecret('MY_API_TOKEN')
if not token:
    raise RuntimeError('MY_API_TOKEN is not configured')

headers = {
    'Authorization': f'Bearer {token}',
    'Accept': 'application/json',
}
response = Api.call('GET', 'https://my-api.example.com/v1/orders', headers)
Secrets should only be read at runtime via getSecret and not be output in logs, return values or error messages.

Permissions

Reading and writing the executorSecrets setting requires the updateAiAgent permission. Values are masked on the interface and are not output in read endpoints.