FluxyAPIFluxyAPI
BlocksMiddleware

Authentication

Secure your endpoint by requiring a valid API key, JWT, or Custom token.

Authentication Middleware Block

The Authentication Middleware Block is used to protect your endpoint. It intercepts the incoming request and verifies that the client has provided valid credentials before allowing the execution of subsequent blocks.

Configuration

FieldRequiredDescription
Auth TypeThe type of authentication to enforce: API Key, Bearer JWT, or Custom Header.
Key/Header NameThe name of the header or query parameter containing the credential (e.g., Authorization, x-api-key).
Validation SourceWhere the valid credentials are stored (e.g., Secret Vault, Database).

Behavior

  1. The block checks the incoming request (Headers, Query, or Body) for the specified credential.
  2. It compares the credential against your configured Validation Source.
  3. If Valid: The flow continues to the next block.
  4. If Invalid or Missing: The flow is immediately terminated, and a 401 Unauthorized or ## Output Variable

Specify a Variable Name to store the decoded JWT payload (only applicable if using JWT authentication).

Success Payload (JWT Only)

{
  "sub": "user_123",
  "iat": 1616239022,
  "exp": 1616242622,
  "role": "admin"
}

Errors & Responses

If authentication fails, the flow terminates and immediately sends an HTTP response (default 401) to the client:

{
  "error": true,
  "message": "Unauthorized: Invalid or expired token.",
  "code": "AUTH_JWT_VERIFY_FAILED"
}

If you specify an Output Variable, the error details are also stored there:

{
  "error_key": "AUTH_JWT_VERIFY_FAILED",
  "error_message": "Unauthorized: Invalid or expired token."
}

Common Error Keys: AUTH_MISSING_STATIC_KEY, AUTH_SECRET_RETRIEVE_FAILED, AUTH_INVALID_STATIC_KEY, AUTH_MISSING_JWT, AUTH_JWT_VERIFY_FAILED, AUTH_NAME_NOT_FOUND, AUTH_NAMES_MISSING, AUTH_JWT_SECRET_MISSING

On this page