3 August 2018

Both Subscriptions and API Extensions can contain access secrets, for example to allow commercetools Composable Commerce to place a message into a queue, or to invoke an AWS Lambda function. When retrieving an access secret via the commercetools Composable Commerce API, it is now hidden (except for the last 4 characters).

This change should help you to keep your access secrets secure. As noted in both Subscriptions and API Extensions, we recommend to create access credentials that only have the permission to put a message into the specific message queue, or only invoke the particular API Extension.