How API Keys, HTTP Triggers and Routing keys work

Prerequisite:
Understanding APIs: What is an API? How Wiresk Uses APIs?

In Wiresk, Triggers are used to start a Flow. To trigger a Flow from external systems, Wiresk uses a secure combination of three key elements: API Keys, HTTP Triggers, and Routing Keys. These work together to ensure that Flows are addressable, callable, and protected from unauthorized access.

This guide explains what each of these elements does and how to use them properly.

An API Key in Wiresk is a unique, randomly generated token used to authenticate requests made to Wiresk’s platform. It confirms the identity of the caller, whether a connected application or system.

  • Authentication: Confirms the request is from a trusted source.
  • Reusable Across Flows: API Keys are not tied to a single Flow; they are scoped to the Group level.
  • Validation Requirement: For a Flow to be triggered, it must contain an HTTP Trigger that accepts the API Key.

Wiresk’s API key system is designed for flexibility. You can reuse the same API key across multiple Flows, making it easier to integrate Wiresk into environments where many Flows need to be automated, without having to manage dozens of individual keys.

Example Use Case:

You might generate one API Key for a webhook integration, and use that same key to trigger multiple Flows:

  • Flow A: Sync data between platforms
  • Flow B: Handle CRM webhook input
  • Flow C: Generate and send internal reports

This works because the Routing Key (defined by the HTTP Trigger) identifies which Flow should run, while the API Key only verifies whether the request is authorized. The API Key does not determine which Flow is triggered.

While reusable API keys are convenient, creating separate API keys per use case offers practical benefits, even for non-technical users.

Best Practices for Managing API Keys:

| Strategy | Description |
| --- | --- |
| One Key per Environment | Simplifies key management, but lacks granularity if a specific key needs revocation. |
| One Key per Source App | Recommended. Offers balance between clarity and security. If one system is compromised, only its Flows are affected. |
| One Key per Flow | High isolation and control, but may introduce overhead in key management. |

Key Benefits:

  • Easy rotation and revocation
  • Better visibility and control
  • Separation of concerns per system

Recommendation:

● Use a reusable API key when simplicity and speed are your top priority.
● Use multiple, purpose-specific keys when you want better visibility, control, and security.
● Name your API keys and HTTP triggers clearly for easy maintenance.
● Regularly review and rotate API keys for security.

You can always see which Flows are using a key by clicking on the key name in the API Key tab of your Flows Group.

To create an API Key:
  1. Go to your Group.
  2. Open the API Key tab.
  3. Click + Create and give it a clear, descriptive name (e.g., “CRM Integration” or “Slack Trigger”).
  4. After creation, your API key will appear in the list.
  5. Click on any API key to see which Flows are using it.

An HTTP Trigger in Wiresk is a configuration that allows you to start a Flow using an external HTTP request. It acts as the entry point for webhooks and for manually initiating a Flow.

You typically add an HTTP Trigger during Flow creation. When configuring it, you provide a description and select or create an API Key. This forms the basis of a secure, addressable endpoint that can be used to trigger the Flow remotely or manually.

  • Provides a unique URL endpoint that can be called by connected apps.
  • Associates a specific Flow with a trusted API Key.
  • Supports secure integration without exposing internal configuration.

You can think of the HTTP Trigger as a doorway to the Flow. It verifies that the caller has valid credentials (via the API Key) and identifies which Flow to execute.

| Feature | HTTP Trigger | Authenticated App Integration |
| --- | --- | --- |
| Starts the Flow? | Yes | Yes |
| Requires Auth in Wiresk? | Only an API key | Yes (OAuth or token) |
| Used for | External systems calling Wiresk | Wiresk calling connected apps |
| Example | A webhook from HubSpot hitting Wiresk | Wiresk fetching pages from Notion |

In Wiresk, the Routing Key is a unique identifier generated for each HTTP Trigger. It is embedded in the URL and tells Wiresk which Flow should be triggered.

The Routing Key is not something you choose manually; Wiresk generates it when you configure the HTTP Trigger. It maps directly to a specific Flow and is what enables external systems (your connected apps) to address the correct Flow at runtime.

  • You create an HTTP Trigger inside a Flow.
  • Wiresk assigns a Routing Key to that Trigger.
  • The combination of Routing Key and API Key defines a secure, callable endpoint.
  • When an external system calls that endpoint, Wiresk uses:
    • The Routing Key to identify which Flow to execute
    • The API Key to verify whether the caller has permission

The Routing Key defines the route and is used in two situations: calls from your connected apps and manual test runs.

Your connected apps (like CRMs, e-commerce platforms, or form builders) send data to Wiresk using HTTP POST requests. They call the endpoint URL that includes the Routing Key.

Example Use Case:

  • Your CRM sends a deal update to a Wiresk Flow called “Update Lead Status”
  • The CRM is configured with the Routing Key to that Flow’s HTTP Trigger

When you manually test a Flow in Wiresk using the Run Once feature, you select the appropriate Routing Key. This tells Wiresk which HTTP Trigger (and therefore which Flow) to simulate a request against.

It ensures you’re triggering the right version of the Flow, especially if multiple Flows share the same API Key.

Key Considerations:

● The Routing Key determines which Flow runs.
● The API Key determines whether the request is allowed to run any Flow.
● Both are required for secure and correct execution.
● The Routing Key is embedded in the endpoint URL, and sharing Routing Keys publicly can expose your Flows, so treat them as sensitive information.
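The split of responsibilities described above, as an added example (a toy Python model, not Wiresk's code or API): the Routing Key selects the Flow, the API Key authorizes the call, and `flows_using` lists the Flows affected when a key leaks or is revoked, which is what the "one key per source app" strategy limits. The class, method names, token formats and return strings are assumptions made for illustration.

```python
import hmac
import secrets

class Group:
    """Toy model of one Group: named API Keys plus HTTP Triggers indexed by Routing Key."""
    def __init__(self):
        self.api_keys = {}   # API Key name -> secret token
        self.triggers = {}   # Routing Key -> (Flow name, accepted API Key name)

    def create_api_key(self, name):
        self.api_keys[name] = secrets.token_urlsafe(24)  # constructed token; format assumed
        return self.api_keys[name]

    def add_http_trigger(self, flow, api_key_name):
        routing_key = secrets.token_urlsafe(12)  # generated, never chosen by the user
        self.triggers[routing_key] = (flow, api_key_name)
        return routing_key

    def handle(self, routing_key, presented_key):
        """Routing Key selects the Flow; API Key decides whether the call may run."""
        if routing_key not in self.triggers:
            return "unknown route"
        flow, key_name = self.triggers[routing_key]
        expected = self.api_keys.get(key_name)  # None once the key is revoked
        if expected is None or not hmac.compare_digest(
                expected.encode(), presented_key.encode()):
            return "unauthorized"
        return "run:" + flow

    def flows_using(self, api_key_name):
        """Flows a leaked key can start, and the Flows that stop when it is revoked."""
        return sorted(f for f, k in self.triggers.values() if k == api_key_name)

    def revoke(self, api_key_name):
        self.api_keys.pop(api_key_name, None)

def demo():
    g = Group()
    crm = g.create_api_key("CRM Integration")
    slack = g.create_api_key("Slack Trigger")
    rk_a = g.add_http_trigger("Flow A", "CRM Integration")
    rk_b = g.add_http_trigger("Flow B", "CRM Integration")
    rk_c = g.add_http_trigger("Flow C", "Slack Trigger")
    before = [g.handle(rk_a, crm), g.handle(rk_b, crm), g.handle(rk_c, crm)]
    g.revoke("CRM Integration")  # contain a leak of the CRM key only
    after = [g.handle(rk_a, crm), g.handle(rk_c, slack)]
    return before, g.flows_using("CRM Integration"), after
if __name__ == "__main__":
    print(demo())
```

With one key per source app, revoking the CRM key stops Flow A and Flow B while Flow C keeps running; had all three triggers shared one key, the same revocation would have stopped every Flow.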
