I haven’t tried to use “Body” when setting credential location. “Header” worked in this case.
And yes, the PATCH call should return null
for the bearerToken
so the token isn’t displayed in plaintext, which can be a security concern as these responses are often logged.