You can use the Key auth policy to protect HTTP Request flows with API key-based authentication. Then, if someone sends a request to the flow, they must include a valid API key in the HTTP headers or query string parameters of the request. If they don't, the request will be rejected.

This topic explains how to create and use a Key auth policy.

Step 1: Create an auth policy

  1. Open a project.
  2. In the sidebar, click Auth policies.
  3. Click Add auth policy.
  4. In the Auth Policy Name field, enter a name for the policy.
  5. Select Auth Policy Type > Key.
  6. In the Key field, enter an API key.
  7. Choose whether API keys should be provided via HTTP headers or query string parameters.
    1. To accept API keys via the HTTP headers, enter a name for the header in the Header Name field.
    2. To accept API keys via the query string parameters, enter a name for the parameter in the Query String Name field.
  8. Click Save.

Step 2: Assign the policy to a flow

  1. In an HTTP Request flow, open the Start (HTTP Request) component.
  2. From the Authentication dropdown, select the auth policy.
  3. Close the component's settings.
  4. Click Save.

Step 3: Send an unauthenticated request

Click the Run button.

The request should fail and the following error should appear in the Output tab:

Failed to pass auth policy. StatusCode: 401 Message: An authentication key should be provided in either headers or querystring. AuthPolicy 'Example API Key' requires the key.

This confirms that the auth policy is enabled.

Step 4: Send an authenticated request

The exact process of sending an authenticated request depends on whether the API key must be provided via an HTTP header or query string parameter.

Using an HTTP header

  1. In the Input tab, click the + icon under the Headers label.
  2. In the first field, enter the name of the HTTP header.
  3. In the second field, enter the API key.
  4. Click Run.

Using a query string parameter

  1. In the Input tab, click the + icon under the Query String label.
  2. In the first field, enter the name of the query string parameter.
  3. In the second field, enter the API key.
  4. Click Run.