Comment 3 for bug 1561701

Held discussion on this bug during the weekly meeting. We came to an agreement on the following:

GET secrets/{uuid}/payload -> 404
GET secrets/{uuid} with any Accept Header other than "application/json" -> 406