How API Keys, HTTP Triggers and Routing keys work

Estimated reading time: 5 min
Prerequisite:
Understanding APIs: What is an API? How Wiresk Uses APIs?

In Wiresk, Triggers are used to start a Flow. To trigger a Flow from external systems, Wiresk uses a secure combination of three key elements: API Keys, HTTP Triggers, and Routing Keys. These work together to ensure that Flows are addressable, callable, and protected from unauthorized access.

This guide explains what each of these elements does and how to use them properly.

An API Key in Wiresk is a unique, randomly generated token used to authenticate requests made to Wiresk’s platform. It confirms the identity of the caller, whether a connected application or system.

  • Authentication: Confirms the request is from a trusted source.
  • Reusable Across Flows: API Keys are not tied to a single Flow, they are scoped to the Group level.
  • Validation Requirement: For a Flow to be triggered, it must contain an HTTP Trigger that accepts the API Key.

Wiresk’s API key system is designed for flexibility. You can reuse the same API key across multiple Flows, making it easier to integrate Wiresk into environments where many Flows need to be automated, without having to manage dozens of individual keys.

Example Use Case:

You might generate one API Key for a webhook integration, and use that same key to trigger multiple Flows:

  • Flow A: Sync data between platforms
  • Flow B: Handle CRM webhook input
  • Flow C: Generate and send internal reports

This works because the Routing Key (defined by the HTTP Trigger) identifies which Flow should run, while the API Key only verifies whether the request is authorized. The API Key does not determine which Flow is triggered.

While reusable API keys are convenient, creating separate API keys per use case offers practical benefits, even for non-technical users:

Best Practices for Managing API Keys:

StrategyDescription
One Key per EnvironmentSimplifies key management, but lacks granularity if a specific key needs revocation.
One Key per Source AppRecommended. Offers balance between clarity and security. If one system is compromised, only its Flows are affected.
One Key per FlowHigh isolation and control, but may introduce overhead in key management.
Recommendation:

● Use a reusable API key when simplicity and speed are your top priority.
● Use multiple, purpose-specific keys when you want better visibility, control, and security.
●  Name your API keys and HTTP triggers clearly for easy maintenance.
●  Regularly review and rotate API keys for security.

You can always see which Flows are using a key by clicking on the key name in the API Key tab of your Flows Group.
  1. Go to your Group.
  2. Open the API Key tab.
  3. Click + Create and give it a clear, descriptive name (e.g., “CRM Integration” or “Slack Trigger”).
  4. After creation, your API key will appear in the list.
  5. Click on any API key to see which Flows are using it.

An HTTP Trigger in Wiresk is a way to start a Flow by sending an HTTP request to a unique URL called a Routing Key. This is typically used when the external system cannot create a webhook via API, and Wiresk needs to expose an endpoint for external systems to initiate the Flow.

You do not need to manually create an HTTP Trigger in Wiresk just to run a Flow once. Manual test runs can be done directly using “Run Once.” Only create an HTTP Trigger when an external app or system requires a manual webhook URL because it doesn’t support API-based webhook creation.

Use an HTTP Trigger only if:

  • The external system cannot create a webhook via API, and you need to give it a Routing Key URL.
  • You want Wiresk to listen for HTTP requests from systems like form tools, custom scripts, or platforms with limited webhook options.

Otherwise, don’t create one manually. Wiresk automatically handles routing for systems that support native API-based webhook creation or for internal testing.

  • API Key: Authenticates the request.
  • Routing Key: Identifies the specific Flow to run.
  • Optional Filters: Define conditional logic to allow or reject incoming data.

When you create an HTTP Trigger in a Flow:

  1. Wiresk generates a unique Routing Key URL.
  2. You assign an API Key for authentication.
  3. External apps can send HTTP POST requests to this URL to trigger the Flow.
  4. Wiresk checks:
    • Routing Key: Determines which Flow to run.
    • API Key: Verifies that the request is authorized.
    • Filters (if configured): Validates the request content before proceeding.

1. Open the Flow Builder

  • Go to your Group, then navigate to Flows Management.
  • Open an existing Flow or create a new Flow where you want to add the HTTP Trigger.

2. Add the HTTP Trigger

  • In the Trigger section, click “+ Add”.
  • Under Manual Triggers, select “HTTP Trigger” (not the one with filter).

3. Configure the HTTP Trigger

You’ll be prompted to fill out the following fields:

  • Description
    Add a clear internal label (e.g., “Trigger from Airtable”). This helps your team identify the Trigger’s purpose.
  • API Key
    Select an existing API Key or create a new one.
    This key is required to authenticate incoming requests, ensuring that only authorized systems or users can activate the Flow.
  • After selecting or creating the API Key, click Save.
  • Once saved, the HTTP Trigger will appear in the Routing Keys section of the Trigger settings panel.
    • Here, you’ll see:
      • The generated Routing Key URL, which can be copied and used in external systems (e.g., webhooks).
      • An option to delete the trigger if needed.

You can now use this Routing Key URL to start your Flow from an external system.

Think of the HTTP Trigger as a gatekeeper: it checks identity (API Key) and knows where to send the request (Routing Key).

The HTTP Trigger with Filter is used when the connected app does not support API-based webhook creation. Instead, Wiresk allows you to manually configure a webhook endpoint (Routing Key URL) that can be pasted into the external system.

This Trigger listens for incoming HTTP requests and runs a Flow only when specific filter conditions are met.

Use this Trigger when:

  • The external system can send HTTP POST requests, but cannot programmatically create a webhook
  • You want to trigger Flows based on specific values in the incoming request
  • You need a manual webhook setup, with secure filtering and conditional logic
  1. Select API Key (Required)
    Choose an API key used to authenticate incoming HTTP requests. This ensures that only authorized systems can call the endpoint.
  2. Select Platform (Required)
    Choose the integration app (e.g. Eats365) from your list of connected apps. This links the Trigger to a specific context.
  3. Configure Filter
    Define one or more filters to control when the Flow should run.
    Each filter has:
    • Field name (e.g. event_type)
    • Logic (e.g. Equals, Contains)
    • Value (e.g. new_order)
    Example:
    A filter with event_type Equals new_order means the Flow only runs when the incoming request contains: { "event_type": "new_order" }

Once the Trigger is set up:

  1. Copy the Routing Key URL
    After configuring the filter, Wiresk generates a unique Routing Key URL. This URL acts as your webhook endpoint.
  2. Paste it into the External System
    Go to the external app and configure its webhook feature by pasting this URL into the appropriate webhook destination field.
  3. Complete the Flow Setup
    Back in Wiresk, finish designing the Flow, add transformations, data routing, or any required actions.
  4. Wait for Incoming Requests
    Once everything is in place, Wiresk will listen for incoming calls. If the incoming data matches the filter, the Flow runs automatically.
  • Rename filter fields to match the expected key in the payload (e.g., event_type, status)
  • Use a dedicated API Key per integration for security
  • Test the endpoint with sample payloads to confirm filter behavior before production

A Routing Key is the unique URL endpoint generated by Wiresk when you create an HTTP Trigger. It tells Wiresk which Flow to run when a request is received.

Routing Keys are associated with HTTP Triggers and require an API Key to authenticate incoming requests.

  • Auto-generated per HTTP Trigger.
  • Requires a valid API Key to work.
  • Can be pasted into external apps as a webhook destination.
  • Cannot be shared publicly. Treated like a password.

A system (like a CRM) sends data to the Routing Key URL.

Wiresk uses:

  • Routing Key to find the right Flow.
  • API Key to authenticate the sender.
  • Optional Filters to determine if the Flow should run.

You have a Flow called “Create New Contact”.

  1. You add an HTTP Trigger to the Flow.
  2. Wiresk gives you a Routing Key URL.
  3. In your external form builder, you set this URL as the webhook destination.
  4. Every time someone submits a form:
    • The form app sends a POST request to the Routing Key.
    • Wiresk checks the API Key and filters.
    • If valid, the Flow runs.
Key Considerations:
● The Routing Key determines which Flow to trigger.
● The API Key determines whether the request is authorized to trigger any Flow.
● Both Routing Key and API Key are required for a secure and valid request.
Do not share Routing Keys publicly, treat them as sensitive information.

Learn more about Wiresk, explore our user guide.

If you need an integration that you cannot find in Wiresk, you can make a request to our team, and we will try our best to satisfy your needs.