Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.enneo.ai/llms.txt

Use this file to discover all available pages before exploring further.

Enneo provides centralized storage for secrets such as API tokens, Client secrets, or Basic Auth credentials, which can be referenced in the headers of API call executors through placeholders. Values are masked in the interface and are never included in API responses. Secrets are used especially for direct API call execution (type apiCall) so that authentication headers can be set without storing the actual token value in the executor definition.

Managing Secrets

Secrets are managed in the settings under System Integration → Secrets. Each entry consists of:
  • Key — the name of the secret, for example MY_API_TOKEN. This name is referenced in the placeholder.
  • Value — the actual value. Displayed masked in the interface and not included in API responses.
An unlimited number of secrets can be stored.

Using Secrets in API Call Executors

In the header values of an API call executor, secrets can be referenced via the placeholder {{secret.KEY}}. When the executor is executed, Enneo replaces the placeholder with the stored value. Example header of an API call executor: 
{
  "Authorization": "Bearer {{secret.MY_API_TOKEN}}",
  "X-Api-Key": "{{secret.PARTNER_API_KEY}}",
  "Accept": "application/json"
}
If a secret with the specified key does not exist, the placeholder remains in the header value — the call will generally fail with an authentication error rather than continuing with an empty token.
Placeholders are only resolved in header values, not in URL, Body or Parameters. Inside Sandbox executors (type code), secrets can be read via the SDK — see below.

Using secrets from the SDK (sandbox executors, type code)

In sandbox executors, the SDK exposes ApiEnneo.getSecret(key). It returns the stored value of the secret, or null/None if the key is not configured. This lets your code authenticate against external systems without hard-coding credentials. 
token = ApiEnneo.getSecret('MY_API_TOKEN')
if not token:
    raise RuntimeError('MY_API_TOKEN is not configured')

headers = {
    'Authorization': f'Bearer {token}',
    'Accept': 'application/json',
}
response = Api.call('GET', 'https://my-api.example.com/v1/orders', headers)
Read secrets only at runtime via getSecret. Do not log them, return them from the executor, or include them in error messages.

Permissions

Read and write access to the executorSecrets setting require the updateAiAgent permission. Values are masked in the interface and are not included in reading endpoints.