I read the documentation around API Secrets management and it seems that you can only use the secret in SFTP and HTTPS calls as a direct parameter In my case though, the token is part of the POST body, so it seems that NetSuite doesn't handle it as a password (doesn't resolve it) but instead just puts 'custsecret_xyz' any ideas?

AI generated answer (using internal Slack threads):

Based on the conversations, it seems that you are trying to use the API Secret as part of the POST body in a NetSuite HTTPS call. However, you are encountering issues because NetSuite is not resolving the secret and instead is just putting 'custsecret_xyz'. Here's what you can do: 1. When creating the secure string, make sure to wrap the script ID in curly braces. For example:

javascript
var secureToken = https.createSecureString({
    input: '{custsecret_api_connector_pd}'
});

2. When making the HTTPS request, you can include the secure string in the

credentials

parameter and use the script ID of the secret in your body as a normal string. For example:

javascript
var response = https.request({
    url: '<https://ptsv2.com/t/999999/post>',
    method: 'POST',
    credentials:[secureToken],
    body: 'My POST Data: {custsecret_api_connector_pd}'
});

3. The

credentials

parameter in the HTTPS request works by string replacement. It will replace the script ID in the body with the decrypted password. 4. If you are still encountering issues, you can try not using the secure string at all. Instead, put the ID of the secret in the

credentials

parameter and the request will automatically do the string replacement. ****** Disclaimer: This response was generated by an artificial intelligence assistant based on previous conversations from multiple Slack channels, and may contain inaccuracies or mistakes. ******