I am trying to call an API. The API contains credentials (password) in the URL so I tried to secure that password using the template syntax. Having credentials in the URL is not the best practice since we are trying to integrate one of the customer’s systems we have no other option.
This is how I tried:
client.request.get("https://domain.com/user/<%= iparam.password%>").then(
(data) => { console.log(data); },
(err)=>{ console.log(err); });
I am using the default installation parameter page, In the iparams.json config file, I have set secure attribute to true.
"password": {
"display_name": "Enter password",
"description": "Please enter the password",
"type": "text",
"secure":true
"required": true
}
When I run the app request API call fails. When I debugged the issue, I found that the password was not substituted (<%= iparam.password%>) in the URL.
Am I missing anything? Can we access secured iparams fields in the URL? Is this supported?