a workaround you could do then is to encode the key:secret as base64 outside the code , maybe on your device or using an online encoder.
then you can create a secret for that base64 and use it directly without encoding inside your code.
Original Message:
Sent: Tue March 25, 2025 03:48 AM
From: Yongwon Song
Subject: How to use API Secret values in REST API Functions without hardcoding them
Hello, Mohamad islam Hamadieh.
Thank you for reply.
I have already tried the link you attached.
I created a secret key in app.config and then added it to the The intention is to get the secret key from the playbook and use it as the basic in the header.
However, the problem is that base64 doesn't encode the imported value, it encodes the variable name as it is.
Thank you.
------------------------------
Yongwon Song
Original Message:
Sent: Thu March 20, 2025 05:09 AM
From: Mohamad islam Hamadieh
Subject: How to use API Secret values in REST API Functions without hardcoding them
Hi Yongwon ,
please refer to this part of the documentation, I'm sure you can use these secrets defined here in your app configuration but not sure if you can use them in a playbook you have to test that.
------------------------------
Mohamad islam Hamadieh
I post SOAR content and tips on linkedIn , follow me :)
https://linkedin.com/in/mohamadislam
Original Message:
Sent: Thu March 20, 2025 02:26 AM
From: Yongwon Song
Subject: How to use API Secret values in REST API Functions without hardcoding them
Hello, Everyone
I am trying to query a DataTable using the REST API.
Currently, the API key and secret need to be hardcoded in the REST API function. However, the client considers this a security issue and is looking for an alternative method.
The official IBM documentation (GitHub) only provides examples using tokens, and community responses I've found also suggest hardcoding as the only method.
If anyone has solved this issue before or has a good idea, please share your insights.
Below are the links I referenced.
Github : https://github.com/ibmresilient/resilient-community-apps/tree/main/fn_rest_api#example--
Community Links
https://community.ibm.com/community/user/security/question/rest-api-how-to-get-data-from-soar-by-call-api-to-soar-itself#0049151b-2804-4f11-b30f-0192e2ecf9ae
https://community.ibm.com/community/user/security/discussion/call-rest-api-to-servicenow-using-basic-authentication-error#bm91c68550-85be-4f37-8f61-50bccc74a5a5
http://community.ibm.com/community/user/security/discussion/call-rest-api-function-script-authentication-parameter-help#bm882305b4-5e87-4bb8-9d67-018ea692cd95
https://community.ibm.com/community/user/security/discussion/apphost-rest-api-function#bm4550dace-fa00-4ab3-a5f0-7beef6a8a08a
------------------------------
Yongwon Song
------------------------------