# Authenticating endpoints

Authenticating endpoints is a secure way to run workflows as admin of the app. Workflows will not get initiated if they are not authenticated.

<figure><img src="https://codahosted.io/docs/jX3dbcWciM/blobs/bl-OIDm5MfXNo/1112fa27456d38caec1779143c418e08fa32dbe8ab64b195fa6d19323a4c92101e6ad60bb7981b284de11eeb86e890f084ed80df679b1ef158dafc9395623bd40f4f08e3f48c44d0fb42717b3d9c858ff156668642ff89c3cbd33f346abf2f57a845583a" alt=""><figcaption></figcaption></figure>

### Method 1: Include the Authorization header in the call.

a) Generate a token in settings

b) Include the header 'Authorization' in your call. Use 'Bearer' + TOKEN as the value.

<figure><img src="https://codahosted.io/docs/jX3dbcWciM/blobs/bl-HxUGuwsyHB/74cf90f86d9b6a30b75e03e64bb6b88a309e2f1c9e9dd226948e8d205770f1d6e24de45ed1d3a88d32ddbef7bf3d83e762f4ab4f14b3a52b37ac7bb1fa4d2701981142dbd4908b462271b0ba90e093311bd5a57b7b5c13f1931535bcbb21c251a9a3bcb3" alt=""><figcaption></figcaption></figure>

<figure><img src="https://codahosted.io/docs/jX3dbcWciM/blobs/bl-8HHirbVHwW/5923542d9c9b70120c6a2000f6d74f03b84790c1d156f23fa0f40bfd2d88bfc6fbf756df294daa73207c165c2635ddf703b9016af469a407170bfdbcdeb55f7ee01e61dda422ba25bf76d12f37a36caa76217311281f8582e32b31c1d557c9350840ea2d" alt=""><figcaption></figcaption></figure>

### Method 2: URL parameter

If you are working with 3rd party API's and you are not able to add Custom header, include 'api\_token' parameter in the URL when making the call.

```
POST: https://app.bubbleapps.io/version-[env]/api/1.1/wf/create?api_token=TOKEN
```

### Method 3: Act on behalf of a API User

a) Create API endpoint that contains Log in action as a workflow (Have user created within your app or you can have a signup workflow before login action to create a new user)

<figure><img src="https://codahosted.io/docs/jX3dbcWciM/blobs/bl-6u2EvRPqGC/57e111c032766132738c8865a562b395ae838a87c679f7745d7315dd4e4d445dc7e684b859730a7af224681d13fc43584be7e406b6dc2d608ef30d8bafd559ffe4ec903f0ade79756938ca57f10f0808491e910e2f7e5f105a654725e51e4c45ea17e415" alt=""><figcaption></figcaption></figure>

* Setting the field “Stay logged in” to ‘yes’ will give you token valid 365 days.
* Setting the field “Stay logged in” to ‘no’ will give you token valid 24 hours.

b) Initiate the endpoint via Postman or API connector. The response of the api will look like this:

```
{
"status": "success",
"response": {
"token": "1646485307119x480839771339487600", // API TOKEN Generated
"user_id": "1646485006806x789796348942187500",
"expires": 31536000 // valid 365 days
}
}
```

In the response, you will get an API Token (valid 365 days) that will allow you to create an endpoint with the 'require authentication' option set to run the workflow, but all subsequent actions will have access to the data as that User and Privacy Rules set to that User (e.g. you can set a special Privacy Role set to that only API User, etc.)

\
c) see Method 1 or Method 2 to authenticate the endpoint.

<figure><img src="https://codahosted.io/docs/jX3dbcWciM/blobs/bl-qureU5Zduk/4a317d7bc9dfa6cec15891b6083c0ec1c0cd818b5da251c19713650f062a1e4c0c38d4ec774df0d9eb3b3482a5007062a0d7ee685719ff8a4a4b4844acb5a63af6db5ddec60a442656f889795ab88e4d7240188a4ffe424fe99eeeda9dd179884ac5ccea" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.openbuild.io/working-with-the-framework/security-and-privacy/authenticating-endpoints.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.