Protected API request from actions


I would like to call a protected API from my actions. I was thinking of using M2M flow, but that means that I’d have to do client credential exchange every time action is triggered - which is a bit excessive IMO and also M2M is limited to 1000 authentication. What do you prefer I do in this case? I’d like to protect the API called from the action for obvious reasons (to prevent spam) Is there any way of generating long lived token that I can just put inside the secret?



Hi @luka1,

Yes, you can use the M2M flow. This would be the OAuth way of doing it, but there is no caching mechanism available in Actions at the moment.

You could also make your own secret or API key, use basic auth, etc.

1 Like

Thanks! Decided to use the JWT sign feature, so i’m just signing payloads with a key that only backend knows.

1 Like

Sounds good. Thanks for the update!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.