arazzo: 1.0.1
info:
  title: Adobe Launch Create an Event Forwarding Secret
  summary: Create a secret scoped to an environment on an event forwarding property, then read it back.
  description: >-
    Event forwarding rules in Adobe Experience Platform Launch (Tags)
    authenticate to external services using secrets, which are scoped to a
    specific environment. This workflow creates a token secret on an event
    forwarding property tied to an environment, then retrieves the secret by id
    to confirm it persisted. Because the createSecret and getSecret operation
    ids are shared between the reactor and event forwarding specifications, the
    steps reference them through the operationPath form so they resolve against
    the event forwarding source. Each request is written inline using the
    JSON:API document shapes these endpoints require.
  version: 1.0.0
sourceDescriptions:
- name: eventForwardingApi
  url: ../openapi/event-forwarding-api.yml
  type: openapi
workflows:
- workflowId: create-event-forwarding-secret
  summary: Create an environment-scoped secret and verify it by reading it back.
  description: >-
    Creates a token secret on an event forwarding property bound to an
    environment, then retrieves it to confirm storage. Uses operationPath
    references to disambiguate the cross-spec secret operation ids.
  inputs:
    type: object
    required:
    - accessToken
    - apiKey
    - imsOrgId
    - propertyId
    - environmentId
    - secretName
    - credentials
    properties:
      accessToken:
        type: string
        description: OAuth 2.0 Server-to-Server bearer access token from Adobe Developer Console.
      apiKey:
        type: string
        description: Client ID credential sent as the x-api-key header.
      imsOrgId:
        type: string
        description: Adobe Organization ID sent as the x-gw-ims-org-id header.
      propertyId:
        type: string
        description: The event forwarding property the secret is created on.
      environmentId:
        type: string
        description: The environment the secret is scoped to.
      secretName:
        type: string
        description: Human-readable name for the secret.
      credentials:
        type: string
        description: The credential value stored in the secret.
  steps:
  - stepId: createSecret
    description: Create a token secret on the property, scoped to the environment.
    operationPath: '{$sourceDescriptions.eventForwardingApi.url}#/paths/~1properties~1{propertyId}~1secrets/post'
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    - name: x-api-key
      in: header
      value: $inputs.apiKey
    - name: x-gw-ims-org-id
      in: header
      value: $inputs.imsOrgId
    - name: propertyId
      in: path
      value: $inputs.propertyId
    requestBody:
      contentType: application/vnd.api+json
      payload:
        data:
          type: secrets
          attributes:
            name: $inputs.secretName
            type_of: token
            credentials: $inputs.credentials
          relationships:
            environment:
              data:
                id: $inputs.environmentId
                type: environments
    successCriteria:
    - condition: $statusCode == 201
    outputs:
      secretId: $response.body#/data/id
  - stepId: getSecret
    description: Read the secret back by id to confirm it persisted.
    operationPath: '{$sourceDescriptions.eventForwardingApi.url}#/paths/~1secrets~1{secretId}/get'
    parameters:
    - name: Authorization
      in: header
      value: "Bearer $inputs.accessToken"
    - name: x-api-key
      in: header
      value: $inputs.apiKey
    - name: x-gw-ims-org-id
      in: header
      value: $inputs.imsOrgId
    - name: secretId
      in: path
      value: $steps.createSecret.outputs.secretId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      secretId: $response.body#/data/id
  outputs:
    secretId: $steps.getSecret.outputs.secretId