variable secrets
I'm trying to run an API block and set the variables, but the API returns a 403 Forbidden. However, when I run the same API in Postman, it works. I'd like to know if it's possible to run an API block and set the variables, considering these variables are secrets.
2 Replies
Yes – you can call any authenticated API from a Voiceflow API Step and safely pass your credentials with the Secrets Manager.
How to do it
1. Add the key/token to Agent Settings → Secrets.
2. In the API Step field that needs the credential (Header, Param, Body, or even inside the URL) type
{, switch to the Secrets tab in the dropdown and pick the secret. Voiceflow will send the raw value at runtime even though it stays masked in the editor.
3. (Optional) open Agent Settings → Environments and make sure the secret has a value for the development environment – otherwise the “Send request” test from the canvas will go out without the credential and often returns 403 Forbidden.
4. Configure the rest of the call exactly as it works in Postman (method, URL, Content-Type etc.) and click Send Request to verify; once you see “Success” you can map the JSON response to Voiceflow variables in the Capture Response section.
Why you’re getting 403 in Voiceflow but not Postman
• The most common cause is that the header/param containing your secret wasn’t inserted or is empty (e.g. wrong secret name or no dev-override value).
• A restricted-visibility secret can’t be revealed in the UI, but it is still sent; masking itself will not trigger a 403.
• Double-check that any required headers (Content-Type, Accept, custom scopes, etc.) are identical to the working Postman request.
Quick checklist ✔️
• Secret exists and has a value for the environment you’re testing.
• Secret placeholder in the API Step matches the secret name exactly (case-sensitive).
• All other request details mirror your working Postman call.
• Use the Failure path port if you want to catch 4xx/5xx errors inside your diagram.
Relevant docs
• Secrets Manager – storing & inserting secrets: https://docs.voiceflow.com (see “Secrets”)
• Building and testing API Steps: https://docs.voiceflow.com (see “API step”)I can not for the life of me figure out how to use secrets in the api body for raw json?