You can use an HTTP Flow auth policy to prevent anonymous clients from sending requests to HTTP Request flows. The logic of the policy itself is implemented as an HTTP Request flow. This makes it a lot more flexible than the other types of auth policies.

This topic explains how to create and use an HTTP Flow auth policy.

Step 1: Create an HTTP Request flow

  1. Open a project.
  2. Create an HTTP Request flow via the Explorer pane.
  3. Add an End (HTTP Response) component to the flow.
  4. Set the Status Code of the End (HTTP Response) component to 200 OK.
  5. Click Save.

Step 2: Create an auth policy

  1. Open a project.
  2. In the sidebar, click Auth policies.
  3. Click Add auth policy.
  4. In the Auth Policy Name field, enter a name for the policy.
  5. Select Auth Policy Type > HTTP Flow.
  6. Select the HTTP Request flow to use for authentication.
  7. Click Save.

Step 3: Assign the policy to a flow

  1. In a separate HTTP Request flow, open the Start (HTTP Request) component.
  2. From the Authentication dropdown, select the auth policy.
  3. Close the component's settings.
  4. Click Save.

Step 4: Implement the authentication logic

When a flow that uses an HTTP Flow auth policy is triggered, the request details — e.g. the headers — are forwarded to the auth policy flow. The auth policy flow can use these details to check if the client is authenticated.

The authentication logic is the responsibility of the auth policy flow. The only hard requirement is that, if the client is authenticated, the auth policy flow responds with a Status Code of 200 OK. If the client is not authenticated, it must respond with any other Status Code.

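When a client triggers the flow, the request will fail if the auth policy flow doesn't respond with 200 OK. Note that the flow created in Step 1 always responds with 200 OK, so until the authentication logic is implemented, every request is treated as authenticated.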
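The decision an auth policy flow has to make can be sketched in Python. This is an added example, not code from the platform or its documentation. It assumes clients send an API key as a bearer token in the `Authorization` header; the function names, the key store and the sample key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample: SHA-256 digests of accepted API keys (store digests, not keys).
ACCEPTED_KEY_DIGESTS = {
    hashlib.sha256(b"constructed-sample-key-1").hexdigest(),
}

OK, UNAUTHORIZED = 200, 401


def _bearer_token(headers):
    """Return the bearer token from forwarded headers, or None if absent/malformed."""
    # Header names are case-insensitive, so normalise before lookup.
    normalised = {str(k).lower(): str(v) for k, v in headers.items()}
    parts = normalised.get("authorization", "").split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def auth_policy_status(headers):
    """Status code the auth policy flow responds with: 200 only when authenticated."""
    try:
        token = _bearer_token(headers)
        if not token:
            return UNAUTHORIZED
        digest = hashlib.sha256(token.encode("utf-8")).hexdigest()
        # Compare against every digest in constant time; no early exit.
        matched = False
        for accepted in ACCEPTED_KEY_DIGESTS:
            matched |= hmac.compare_digest(digest, accepted)
        return OK if matched else UNAUTHORIZED
    except Exception:
        # Fail closed: any error in the check must not produce 200.
        return UNAUTHORIZED


def request_allowed(policy_status):
    """Mirror of the rule on this page: the request proceeds only on exactly 200."""
    return policy_status == OK
```

The important property is that 200 is reachable only from the one branch where the credential matched; missing headers, malformed values and unexpected errors all end in a non-200 response.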