Workflow Secrets
curl --request GET \
--url https://encrata.com/api/workflows/secrets \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"name": "<string>",
"value": "<string>"
}
'import requests
url = "https://encrata.com/api/workflows/secrets"
payload = {
"name": "<string>",
"value": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.get(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'GET',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({name: '<string>', value: '<string>'})
};
fetch('https://encrata.com/api/workflows/secrets', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://encrata.com/api/workflows/secrets",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_POSTFIELDS => json_encode([
'name' => '<string>',
'value' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://encrata.com/api/workflows/secrets"
payload := strings.NewReader("{\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n}")
req, _ := http.NewRequest("GET", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://encrata.com/api/workflows/secrets")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://encrata.com/api/workflows/secrets")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n}"
response = http.request(request)
puts response.read_bodyWorkflows
Workflow Secrets
Manage encrypted secrets available to workflow webhook steps.
GET
/
api
/
workflows
/
secrets
Workflow Secrets
curl --request GET \
--url https://encrata.com/api/workflows/secrets \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"name": "<string>",
"value": "<string>"
}
'import requests
url = "https://encrata.com/api/workflows/secrets"
payload = {
"name": "<string>",
"value": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.get(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'GET',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({name: '<string>', value: '<string>'})
};
fetch('https://encrata.com/api/workflows/secrets', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://encrata.com/api/workflows/secrets",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_POSTFIELDS => json_encode([
'name' => '<string>',
'value' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://encrata.com/api/workflows/secrets"
payload := strings.NewReader("{\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n}")
req, _ := http.NewRequest("GET", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://encrata.com/api/workflows/secrets")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://encrata.com/api/workflows/secrets")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n}"
response = http.request(request)
puts response.read_bodyAuthentication
Requires a JWT token or API key in theAuthorization header.
Authorization: Bearer YOUR_TOKEN
List Secrets
GET /api/workflows/secrets
Example response
{
"secrets": [
{ "name": "SLACK_WEBHOOK_URL", "created_at": "2026-05-01T10:00:00Z" },
{ "name": "CRM_API_KEY", "created_at": "2026-05-15T08:00:00Z" }
]
}
Create Secret
POST /api/workflows/secrets
Secret name. Use in step configs as
{{secrets.SLACK_WEBHOOK_URL}}.Secret value. Encrypted at rest cannot be retrieved after creation.
Example request
curl -X POST "https://encrata.com/api/workflows/secrets" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "name": "SLACK_WEBHOOK_URL", "value": "https://hooks.slack.com/services/..." }'
Example response
{
"success": true,
"name": "SLACK_WEBHOOK_URL"
}
Delete Secret
DELETE /api/workflows/secrets
Secret name to delete.
Example request
curl -X DELETE "https://encrata.com/api/workflows/secrets" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "name": "SLACK_WEBHOOK_URL" }'
Example response
{
"success": true,
"message": "Secret deleted"
}
Usage in Steps
Reference secrets in webhook step configs using the{{secrets.NAME}} syntax:
{
"id": "notify",
"type": "webhook",
"config": {
"url": "{{secrets.SLACK_WEBHOOK_URL}}",
"method": "POST",
"headers": {
"Authorization": "Bearer {{secrets.CRM_API_KEY}}"
}
}
}
⌘I