Authentication
Secure your endpoint by requiring a valid API key, JWT, or Custom token.
Authentication Middleware Block
The Authentication Middleware Block is used to protect your endpoint. It intercepts the incoming request and verifies that the client has provided valid credentials before allowing the execution of subsequent blocks.
Configuration
| Field | Required | Description |
|---|---|---|
| Auth Type | ✅ | The type of authentication to enforce: API Key, Bearer JWT, or Custom Header. |
| Key/Header Name | ✅ | The name of the header or query parameter containing the credential (e.g., Authorization, x-api-key). |
| Validation Source | ✅ | Where the valid credentials are stored (e.g., Secret Vault, Database). |
Behavior
- The block checks the incoming request (Headers, Query, or Body) for the specified credential.
- It compares the credential against your configured Validation Source.
- If Valid: The flow continues to the next block.
- If Invalid or Missing: The flow is immediately terminated, and a
401 Unauthorizedor ## Output Variable
Specify a Variable Name to store the decoded JWT payload (only applicable if using JWT authentication).
Success Payload (JWT Only)
{
"sub": "user_123",
"iat": 1616239022,
"exp": 1616242622,
"role": "admin"
}Errors & Responses
If authentication fails, the flow terminates and immediately sends an HTTP response (default 401) to the client:
{
"error": true,
"message": "Unauthorized: Invalid or expired token.",
"code": "AUTH_JWT_VERIFY_FAILED"
}If you specify an Output Variable, the error details are also stored there:
{
"error_key": "AUTH_JWT_VERIFY_FAILED",
"error_message": "Unauthorized: Invalid or expired token."
}Common Error Keys: AUTH_MISSING_STATIC_KEY, AUTH_SECRET_RETRIEVE_FAILED, AUTH_INVALID_STATIC_KEY, AUTH_MISSING_JWT, AUTH_JWT_VERIFY_FAILED, AUTH_NAME_NOT_FOUND, AUTH_NAMES_MISSING, AUTH_JWT_SECRET_MISSING
