Skip to main content

Header Auth Credential

The Header Auth credential stores a single custom HTTP header — a name and a value — that Splice adds to every request made by an HTTP Request node the credential is attached to. It is the most flexible option for API-key and token-based authentication.

Overview

Many APIs authenticate with a custom header rather than Basic Auth or OAuth — for example an API key in X-API-Key, or a bearer token in Authorization. The Header Auth credential lets you store that header name and value once and reuse it across workflows without exposing the secret in workflow parameters.

Credential Fields

Name

The HTTP header name to send, exactly as the API expects it — for example Authorization, X-API-Key, or apikey.

Value

The header value. For a bearer token this is typically Bearer <token>; for an API key it is the key itself. The value is stored encrypted at rest.

Example Configurations

API key header

Name: X-API-Key
Value: sk_live_a1b2c3d4e5f6...

Bearer token

Name: Authorization
Value: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6...

Security

  • The header value is stored encrypted at rest and is not exposed in workflow parameters.
  • Always use HTTPS endpoints so the header cannot be read in transit.
  • Treat API keys and tokens like passwords — rotate them per your security policy and revoke them at the provider if leaked.
  • Prefer a scoped or least-privilege key over a full-access one where the provider supports it.