Managing API Endpoints

Overview

API endpoints are reusable configurations that store your API connection details, authentication credentials, and connection settings. Each endpoint is scoped to your organization and can be used across multiple flows.

By centralizing your API configurations, you can:

• Reuse the same endpoint across multiple API Call nodes
• Update credentials in one place instead of in every flow
• Ensure consistent authentication and timeout settings
• Keep your API credentials secure with encrypted storage

Creating an Endpoint

You can create and manage endpoints in several ways:

1. Resources Menu (Flow Editor): Click "Resources" in the toolbar, then select "API Endpoints" to open the endpoint manager
2. API Call Node: Click the "+ Add" button in the endpoint selector when configuring an API Call node
3. From Dashboard: Navigate to Dashboard → API Endpoints → New Endpoint

The Resources menu provides global access to all endpoints from anywhere in the Flow Editor, making it easy to create, edit, and manage your API configurations without leaving your flow.

Endpoint Configuration

Each endpoint includes the following configuration options:

Basic Information

• Name: A descriptive name for the endpoint (e.g., "Stripe API", "Internal CRM")
• Description: Optional notes about what this endpoint is used for

Connection Settings

• Base URL: The root URL for API requests (e.g., https://api.example.com)
• Authentication: Choose from No Auth, API Key, Bearer Token, or Basic Authentication
• Timeouts: Configure connection and read timeout settings for all requests
• Custom Headers: Optional default headers applied to all requests to this endpoint

Authentication Methods

Configure authentication at the endpoint level. The system automatically adds the appropriate headers to every API request.

No Authentication

For public APIs that don't require authentication. No additional headers are added.

Use this option for open APIs or when authentication is handled through custom headers.

Bearer Token

Most common for modern REST APIs. The bearer token is automatically sent in the Authorization header:

Authorization: Bearer {your-token}

The token is encrypted and securely stored. It's never visible after creation.

API Key

For APIs that use custom API key authentication. The API key is sent directly as the Authorization header value:

Authorization: {your-api-key}

Note: This sends the raw API key. If your API expects a specific header format like X-API-Key, use custom headers in the endpoint configuration or add them to individual requests.

Basic Authentication

Traditional username/password authentication. Credentials are Base64-encoded and sent automatically:

Authorization: Basic {base64(username:password)}

Both username and password are encrypted and stored securely.

Timeouts

Configure timeout settings when creating or editing an endpoint. These settings apply to all API Call nodes using this endpoint.

Open Timeout

Maximum time in seconds to establish a connection to the API server. If the connection cannot be established within this time, the request fails.

Default: 60 seconds. Recommended: 5-30 seconds for most APIs.

Read Timeout

Maximum time in seconds to wait for the response after the connection is established. If the API doesn't respond within this time, the request fails.

Default: 60 seconds. Recommended: 10-60 seconds depending on expected response time.

Security Features

Your API credentials and sensitive data are protected with multiple layers of security:

Best Practices

• Use environment-specific endpoints: Create separate endpoints for development, staging, and production
• Rotate credentials regularly: Update API keys and tokens periodically for better security
• Limit permissions: Use API keys with minimal required permissions
• Monitor usage: Keep track of which flows use which endpoints
• Use read-only tokens: When possible, use read-only credentials for data fetching operations