Well…this is embarassing. I shouldn’t post before coffee.
You’re absolutely right, SecureParameters are fine in SourcedFixletAction…it’s MIMEField that I was thinking of, that can’t be used in SourcedFixletAction.
I’m thinking it might be the name of the site is bad, the id of the fixlet is bad, or possibly your using ComputerName vs ComputerID (while not explicitly stated you can’t use ComputerName, the example hinted at it). Also, if your password value contains special XML characters, they must be encoded properly first.
I like @Mike’s thinking here…try sending without the SecureParameter first, and with simple values, to rule out other things like a bad computername value or XML special characters in the password.
Looks like a platform bug to me, and I’ve reproduced it on mine. When using the REST API, I can send a SourcedFixletAction to a ComputerName if there’s no SecureParameter, but with a SecureParameter it can only be actioned against a ComputerID.