'secure' type parameter doesn't save

Hi,

I've built a custom app that makes simple calls to the Zendesk API. I'm using the Zendesk API with a token instead of directly on my Zendesk instance, as when doing it directly it follows the user restrictions.

The problem we're having is that agents without access rights to all tickets (only to their own groups), can't change customer data, such as language, resulting in our dynamic content not properly working.

Therefore I created a custom app which makes it able to change the language of a customer through the Zendesk API.

In the custom app I've added a configuration field, called API token.

  "parameters": [
    {
      "name": "admin_email",
      "type": "text",
      "required": true,
      "secure": false,
      "default": "admin_email@example.com"
    },
    {
      "name": "api_token",
      "type": "text",
      "required": true,
      "secure": true
    }
  ]

When installing this app through zcli, I'm asked to input the value for api_token, which I do.

And also in the app configuration, I'm able to input the token. In both cases, the field shows empty in the app config, but maybe that's just how it works for secure fields?

But here it is: when doing API call with that token, I get an error stating that the token is not present. So the parameter is not filled at all.

Some additional logging:

// Fetch the API token and admin email from the app parameters
client.metadata().then(function (metadata) {
const apiToken = metadata.settings.api_token;
const adminEmail = metadata.settings.admin_email;

// Log to check if the API token is present
if (apiToken) {
console.log("API Token is present:", apiToken);
} else {
console.error("API Token is missing or not saved correctly.");
}

And this logging also tells me that the API token is not present.

When I save my token as not secure (secure = false), the token does get saved and the app works. But of course it's saved as plain text, which is not what I want.