Add-on | AI agents - Advanced |
Obfuscating API keys in an integration is essential for safeguarding sensitive data and preventing unauthorized access to protected resources. When an API key is entered into the integration builder, it’s automatically obfuscated to enhance security.
This article contains the following topics:
- Using an authorization token in a request header
- Using an authorization token as a request parameter
Related articles:
Using an authorization token in a request header
For authentication, ensure the authorization token is included in the request headers by referencing it as {{apiToken}}. This setup applies to all authorization types, except for cases with no authorization.
To implement the token within the headers, assign it to the designated header key using the syntax {{apiToken}} for OAuth 2.0, Bearer {{apiToken}} or, for Basic Auth, Basic {{apiToken}}.
How to:
In my example below with Authorization type of API Key, I have typed in my API key:
Once I click Save, it will automatically obfuscate the key to <SECRET>:
Now I click Headers. Here, I enter my token key and for the value I enter {{apiToken}}.
Using an authorization token as a request parameter
Additionally, a token can be passed as a request parameter, either directly from the widget or from metadata.
How to:
Define a request parameter with a key of your choice.
Once created, this parameter can be dynamically referenced within the headers in the same format as outlined above or it can be posted to an endpoint in the request body/payload.
0 comments