Skip to main content
Question

Secrets API in Script Extensions?

  • February 26, 2026
  • 3 replies
  • 44 views
Avana_Vana
Forum|alt.badge.img+9

There is now a secrets API for automation scripts.

Why do we not have the same API available in script extensions?  I have an API server that I use to interact with an Airtable base, and I want some of my script extensions to use protected endpoints that require an API key header to access.  In my automations I can store this API key in the new secrets API, but in script extensions I have to hard code the key (terrible practice) in the script extension in order to access the endpoints.  And I can’t use an external API to manage/store/retrieve secrets because then I just have the same issue with another server—to retrieve those secrets I would need to hit an authenticated endpoint using some other secret.

I’m just confused why, now that this secrets API has been added to automation scripting, it hasn’t been extended to script extensions.

3 replies

nroshak
Forum|alt.badge.img+9
  • nroshak
  • Inspiring
  • February 26, 2026

It sounds like you’re not using the script in an automation, but running it manually from the Scripting extension in the Extensions pane, right?

If so, you could use inputConfig and enter the key when you run the script, something like this :

// get API key
let inputConfig = input.config({
    title: 'Enter API key',
    description: `This script calls a 3rd party service and needs an API key`,
    items: [
       input.config.text('apikey', {label: 'API key:', description: 'Enter api key here:',})
    ],
});

- Natalka

Mike_AutomaticN
Forum|alt.badge.img+28

Mhmmm I did not realize it was only on automations but not on regualr scripts extensions (I’ll check that rn).

You’ll def want to submit this as a feature request using this form. Should not be a hard one to implement I guess.

 

Completely different matter, but would love to have you join the March 2026 AT Community led Hackathon! Make sure to sign up!!

 

Mike, Consultant @ Automatic Nation 
YouTube Channel 

vera_green
Forum|alt.badge.img+3
  • vera_green
  • Participating Frequently
  • March 11, 2026

From my recent research into the topic I’ve learned that it’s to do with the fact that automation scripts run on Airtable’s server, but extension scripts run in your own browser. So no way to store it securely in the 2nd case.

    Terms & ConditionsAccessibility statement