I am currently using the Web Services Connector in SailPoint Identity Security Cloud and implementing an After Rule. Inside the After Rule, I am calling an external API and modifying the response based on the API result. At the moment, the API credentials (client ID and client secret) are hardcode…

Hi @sxxnex Please refer to the SailPoint documentation below regarding handling sensitive data in source configurations: Integrating SailPoint with Web Services SailPoint Connectors Documentation When configuring the source, do not hard code sensitive dat…

[image] sidharth_tarlapally: String clientId = application.getAttributeValue("AppClientId"); Hi Sid, I’m getting a 401 Unauthorized error after switching to encrypted application attributes. Just to confirm — for attributes added to the encrypted attribute list, is it expected that they can…

Hi @sxxnex Agree here with @sidharth_tarlapally , Please note that you need to use PATCH api call to add the sensitive field into encrypted block, if you use some other way of adding these field into this block, the encryption may not work. In addition to that, you may also add suffic _CA in the f…

[image] sidharth_tarlapally: application.getAttributeValue I configured the source with the following attributes: [ { "op": "add", "path": "/connectorAttributes/custom_client_id", "value": "example_id" }, { "op": "add", "path": "/connectorAttributes/custom_client_se…

What do you think about using secretAttributes instead?

@sxxnex You mean you are getting 400 while making PATCH API call to update “encrypted” attribute? Please share a snapshot , mask any sensitive data. Thank you

Hi @SoumyaVaramballi 400 error message is weird one, i personally do not think it is coming due to adding the secret to encrypted block. Can you please check if after running the PATCH api, you see these custom_client_id and custom_client_secret in encrypted form on source. Do note that if you alr…

The source already uses the test_client_id and test_client_secret attributes. When both attributes are not encrypted, declaring and using them in the rule as shown below works without any errors: String clientId = (String) application.getAttributeValue("test_client_id"); String clientSecret = (Str…

Your custom attribute names are supposed to end with _CA per the documentation for the web services connector. Trying changing the name and see if it makes a difference.

[image] vguleria: 400 error message is weird one, i personally do not think it is coming due to adding the secret to encrypted block. Can you please check if after running the PATCH api, you see these custom_client_id and custom_client_secret in encrypted form on source. Do note that if you alr…

Best Practice for Securing API Credentials in Web Services Connector After Rule

Identity Security Cloud (ISC) ISC Discussion and Questions

patrickboston (Patrick Boston) February 3, 2026, 1:33am 14

Here is someone else doing it successfully

Topic		Replies	Views
Accessing Encrypted Application Attributes in Rule (Web Services Connector) ISC Discussion and Questions webservice-connector , rules , identity-security-cloud	1	52	February 3, 2026
Fetching Encrypted values in 𝖢̶𝗈̶𝗇̶𝗇̶𝖾̶𝖼̶𝗍̶𝗈̶𝗋̶ Cloud Rule ISC Discussion and Questions rules , identity-security-cloud , provisioning , connectors	24	280	March 23, 2026
Add Encrypted attributes in the Source so that I can use those in the before and after operation rule ISC Discussion and Questions rules , identity-security-cloud	6	956	July 26, 2023
Read an encrypted string from source config in connector rule ISC Discussion and Questions rules , identity-security-cloud	4	87	July 21, 2025
Making API call with WebServicesClient from within a WSBO rule ISC Discussion and Questions webservice-connector , identity-security-cloud	5	339	December 27, 2024

Best Practice for Securing API Credentials in Web Services Connector After Rule

Related topics