Secure Your API Endpoint

As you build, ship, and deploy workflows on BuildShip, it's crucial to ensure the security of your API endpoint when making it accessible on the internet.


Using Authorization Header

The Authorization header provides the server with information to authenticate and authorize the client making a request. It typically contains a token or credentials that the server uses to validate the client’s identity and grant or deny access to the requested resource.

You have two options for accessing the Authorization header in your workflows:

Option 1: Listening for Authorization Header from a request

You can send a request to your workflow endpoint to define the input schema. Then you can easily select the Authorization header from the request headers. Follow these steps:

  1. Send a request to your workflow endpoint with the Authorization header.

  2. In BuildShip, select the Get Data button to load the request data. Once the data is loaded, expand the list of available headers to find the Authorization header.

  3. Click on the Add input to schema button to add the Authorization header as an input to your workflow. And that's it.


Option 2: Manually accessing Authorization Header

You can manually create an input for your workflow to access the Authorization header. Follow these steps:

  1. Click on the Connect button at the top to set up the REST API Trigger.

  2. Under the Workflow inputs schema section, add a new input. Call it Authorization and set the type to String, then save.


  3. You can use dot notation to access any header value from the request headers. To begin, update the input to select the authorization header from the request headers instead of from the request body: Select Body > Trigger Data > headers > headers


Adding Condition to Validate Header

To enhance security, use a Branch Node to add a condition that validates and verifies the authorization header in the API request:

  • For the first value of the condition, select the Authorization input you created earlier. For the comparison, select the equals operator (==). Lastly, set the final value to the key you want to validate.
  • Organize your workflow nodes into the "then" and "else" conditions accordingly.


Return Authorized and Unauthorized Responses

Given an authorized request, it's typical to return an HTTP 200 (OK) response to the client. Likewise, for an unauthorized request, return an HTTP 401 (Unauthorized) response. You can achieve this by setting the Status Code, which can be found under the Additional options of the Output node.

Lastly, you can update the workflow output properties in the trigger settings to return the Flow Output for the response body and the Flow Output Status Code for the response status code.

  1. For setting the Response Body, select Flow Output > Flow Output
  2. For setting the Response Status Code, select Local Variables > Flow Output Status Code
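
The Branch Node check and the 200/401 responses described above, written out as code. This is an added example, not BuildShip's own node code: `authorize`, `constantTimeEqual`, the shape of the `headers` object and the sample key are assumptions made for illustration. It also rejects the request when no key is configured and compares the values without stopping at the first differing byte.

```javascript
// Added example. EXPECTED_KEY is a constructed sample value, not a real secret.
const EXPECTED_KEY = "sample-key-constructed-for-this-example";

// Compare two strings byte by byte without exiting early, so the time taken
// does not reveal how many leading characters of the key were correct.
// (In Node.js, crypto.timingSafeEqual is the standard-library primitive for
// this; it is written out here so the example needs no imports.)
function constantTimeEqual(a, b) {
  const enc = new TextEncoder();
  const x = enc.encode(a);
  const y = enc.encode(b);
  let diff = x.length ^ y.length; // a length mismatch is already a failure
  const n = Math.max(x.length, y.length);
  for (let i = 0; i < n; i++) {
    diff |= (x[i] ?? 0) ^ (y[i] ?? 0); // pad the shorter input with zeros
  }
  return diff === 0;
}

// headers: plain object of request headers (hypothetical shape).
// Returns the status code and body the Output node would send back.
function authorize(headers, expectedKey) {
  const denied = { status: 401, body: { error: "Unauthorized" } };

  // Fail closed: an unset or empty key must never match an empty header.
  if (typeof expectedKey !== "string" || expectedKey.length === 0) {
    return denied;
  }

  // HTTP header names are case-insensitive, so look the name up that way.
  const name = Object.keys(headers || {}).find(
    (k) => k.toLowerCase() === "authorization"
  );
  const presented = name ? headers[name] : undefined;
  if (typeof presented !== "string") {
    return denied; // header missing or not a single string value
  }

  // Same rule as the Branch Node condition: the whole header equals the key.
  return constantTimeEqual(presented, expectedKey)
    ? { status: 200, body: { ok: true } }
    : denied;
}
```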

Congratulations! Your API Endpoint is Now Secured

With the implemented security measures, you can confidently test and ship your workflow, ensuring the endpoint's safe usage within your application. After completing the above steps, your workflow structure should resemble the following:

[Screenshot: Secure-workflow]

Additional Resources for Database Integration

For Supabase Database

If you're using Supabase as your database, refer to this video tutorial that demonstrates building a complete secure Supabase application from scratch.

For Firebase Database

If you're using Firebase as your database, check out our dedicated Firebase Authenticated User Trigger documentation for seamless integration here.
