Secure webhook calls

Hi there,
I am evaluating activepieces for our requirement. I am able to create a flow, trigger it from my application as a webhook call, and return response using Http piece successfully.
I was wondering whether there is a way to secure the webhook calls (or expose a rest api for the call), so that only authorized user tokens (or api keys) would be able to trigger them. Else if the webhook URL is exposed to public, that would let anyone to trigger the flow using curl, postman etc.
Any help is much appreciated.


Hi @Sumesh

Moving this to feature request, as workaround you can add branch to check the header inside each flow and returns 401.

Thank you,

1 Like

Thanks @abuaboud, will give this a try

After you webhook trigger, just add a branch action that will look for a HEADER value and match it against a specific value. If the webhook is every used without that header, then you don’t run the workflow.

EDIT: pretty much exactly what @abuaboud said…