Article content
The Flows Building API uses authentication to ensure only authorised systems can access resources.
This article explains authentication at a high level and how to use credentials safely.
How API Authentication Works
API authentication typically uses:
-
A token or key to identify the caller
-
Permission rules to control access
-
Expiry and rotation to improve security
Your credentials should be treated as sensitive information.
Best Practices for API Credentials
To keep your account secure:
-
Store tokens securely (never in public repositories)
-
Use separate credentials for different environments where possible
-
Rotate credentials if exposure is suspected
-
Restrict access to authorised staff only
Common Authentication Issues
Unauthorised / 401 errors
-
Token is missing, invalid, or expired
-
Incorrect auth format in the request
-
Credentials were revoked or rotated
Forbidden / 403 errors
- Token is valid but lacks required permissions
If errors persist, contact support with the request time and the endpoint used (do not send credentials in plain text).
Related Articles
-
API Contacts (Endpoints & Use)
-
How to Get Support for Flows Building