Secure webhook calls

Sumesh · December 12, 2023, 11:36pm

Hi there,
I am evaluating activepieces for our requirement. I am able to create a flow, trigger it from my application as a webhook call, and return response using Http piece successfully.
I was wondering whether there is a way to secure the webhook calls (or expose a rest api for the call), so that only authorized user tokens (or api keys) would be able to trigger them. Else if the webhook URL is exposed to public, that would let anyone to trigger the flow using curl, postman etc.
Any help is much appreciated.

Thanks
Sumesh

abuaboud · December 13, 2023, 12:47pm

Hi @Sumesh

Moving this to feature request, as workaround you can add branch to check the header inside each flow and returns 401.

Thank you,
Mo.

Sumesh · December 13, 2023, 10:09pm

Thanks @abuaboud, will give this a try

joeworkman · December 13, 2023, 10:18pm

After you webhook trigger, just add a branch action that will look for a HEADER value and match it against a specific value. If the webhook is every used without that header, then you don’t run the workflow.

EDIT: pretty much exactly what @abuaboud said…