Header Auth Credential
The Header Auth credential stores a single custom HTTP header — a name and a value — that Splice adds to every request made by an HTTP Request node the credential is attached to. It is the most flexible option for API-key and token-based authentication.
Overview
Many APIs authenticate with a custom header rather than Basic Auth or OAuth — for example an API key in X-API-Key, or a bearer token in Authorization. The Header Auth credential lets you store that header name and value once and reuse it across workflows without exposing the secret in workflow parameters.
Credential Fields
Name
The HTTP header name to send, exactly as the API expects it — for example Authorization, X-API-Key, or apikey.
Value
The header value. For a bearer token this is typically Bearer <token>; for an API key it is the key itself. The value is stored encrypted at rest.
Example Configurations
API key header
Name: X-API-Key
Value: sk_live_a1b2c3d4e5f6...
Bearer token
Name: Authorization
Value: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6...
Security
- The header value is stored encrypted at rest and is not exposed in workflow parameters.
- Always use HTTPS endpoints so the header cannot be read in transit.
- Treat API keys and tokens like passwords — rotate them per your security policy and revoke them at the provider if leaked.
- Prefer a scoped or least-privilege key over a full-access one where the provider supports it.
Related
- HTTP Request Node — attach this credential to authenticate outbound HTTP calls
- Basic Auth Credential — for APIs that use username/password Basic Auth
- OAuth2 API Credential — for APIs that issue access tokens via an OAuth 2.0 flow