How API Keys, HTTP Triggers and Routing keys work

Estimated reading time: 3 min
Prerequisite:
Understanding APIs: What is an API? How Wiresk Uses APIs?

When you build Flows in Wiresk, you need to set Triggers to start your Flows. Wiresk gives you the tools to do this securely and flexibly through API Keys, HTTP Triggers, and Routing Keys. This guide walks you through how these elements work together and how to use them correctly.

API Keys in Wiresk are used to authenticate incoming requests. They prove that the caller, whether it’s you or a connected app system, has permission to trigger Flows via the API.

When you generate an API key to run a specific Flow, that key can also be used to trigger other Flows. This is by design: Wiresk’s API key system is not tied to individual Flows, but rather to your Flows Group. As long as the API key is valid and the Flow has an HTTP Trigger that accepts it, the Flow can be triggered.

This means that access to specific Flows is determined by the Routing Key (via HTTP Trigger), not by the API key alone.

Wiresk’s API key system is designed for flexibility. You can reuse the same API key across multiple Flows, making it easier to integrate Wiresk into environments where many Flows need to be automated, without having to manage dozens of individual keys.

Example Use Case:

You might generate one API key for a webhook, and then use that same key to trigger:

  • Flow A: Sync data between platforms
  • Flow B: Handle CRM webhook input
  • Flow C: Generate and send internal reports

This works because Flows are identified by their Routing Key (via HTTP Trigger), not by the API key itself. The API key simply verifies that the request is allowed.

While reusable API keys are convenient, creating separate API keys per use case offers practical benefits, even for non-technical users:

Assigning one key per use makes it easy to understand what each key does.
For example:

  • API Key – Salesforce Sync
  • API Key – Monthly Report Trigger
  • API Key – Partner Webhook Access

This improves manageability when reviewing your key list in the API Key tab.

If an integration is compromised or no longer needed, you can revoke just that key without affecting the rest of your Flows.

Using one “master” key for everything puts your entire automation environment at risk if it’s ever exposed.

Wiresk logs all API key activity in the API Key tab, including:

  • What triggered the key
  • When it was used and how frequently it’s called (in the Flow statistics)

Using separate keys helps you trace activity and detect issues or patterns per integration.

If your Wiresk account is connected with many apps (e.g., HubSpot, Google Sheets, internal tools), having a separate API key for each makes it easier to manage and troubleshoot them independently.

Recommendation:

● Use a reusable API key when simplicity and speed are your top priority.
● Use multiple, purpose-specific keys when you want better visibility, control, and security.
●  Name your API keys and HTTP triggers clearly for easy maintenance.
●  Regularly review and rotate API keys for security.

You can always see which Flows are using a key by clicking on the key name in the API Key tab of your Flows Group.
  1. Go to your Group.
  2. Open the API Key tab.
  3. Click + Create and give it a clear, descriptive name (e.g., “CRM Integration” or “Slack Trigger”).
  4. After creation, your API key will appear in the list.
  5. Click on any API key to see which Flows are using it.
Create a separate API key for each system or use case. This helps with tracking, access control, and security.

An HTTP Trigger in Wiresk is a configuration that allows you to start a Flow using an external HTTP request. It acts as the entry point for webhooks or to manually initiate a Flow.

You typically add an HTTP Trigger during Flow creation. When configuring it, you provide a description and select or create an API Key. This forms the basis of a secure, addressable endpoint that can be used to trigger the Flow remotely or manually.

  • Provides a unique URL endpoint that can be called by connected apps.
  • Associates a specific Flow with a trusted API Key.
  • Supports secure integration without exposing internal configuration.
You can think of the HTTP Trigger as a doorway to the Flow. It verifies that the caller has valid credentials (via the API Key) and identifies which Flow to execute.
FeatureHTTP TriggerAuthenticated App Integration
Starts the Flow?YesYes
Requires Auth in Wiresk?Only an API keyYes (OAuth or token)
Used forExternal systems calling WireskWiresk calling connected apps
ExampleA webhook from HubSpot hitting WireskWiresk fetching pages from Notion

In Wiresk, the Routing Key is a unique identifier generated for each HTTP Trigger. It is embedded in the URL and tells Wiresk which Flow should be triggered.

The Routing Key is not something you choose manually; Wiresk generates it when you configure the HTTP Trigger. It maps directly to a specific Flow and is what enables external systems (your connected apps) to address the correct Flow at runtime.

  • You create an HTTP Trigger inside a Flow.
  • Wiresk assigns a Routing Key to that Trigger.
  • The combination of Routing Key and API Key defines a secure, callable endpoint.
  • When an external system calls that endpoint, Wiresk uses:
    • The Routing Key to identify which Flow to execute
    • The API Key to verify whether the caller has permission

The Routing Key defines the route and used in:

Your connected apps (like CRMs, e-commerce platforms, or form builders) send data to Wiresk using HTTP POST requests. They call the endpoint URL that includes the Routing Key.

Example Use Case:

  • Your CRM sends a deal update to a Wiresk Flow called “Update Lead Status”
  • The CRM is configured with the Routing Key to that Flow’s HTTP Trigger

When you manually test a Flow in Wiresk using the Run Once feature, you select the appropriate Routing Key. This tells Wiresk which HTTP Trigger (and therefore which Flow) to simulate a request against.

It ensures you’re triggering the right version of the Flow, especially if multiple Flows share the same API Key.

Key Considerations:
● The Routing Key is what determines which Flow runs
● The API Key is what determines if the request is allowed to run any Flow
● Both are required for secure and correct execution
Sharing Routing Keys publicly can expose your Flows, so treat them as sensitive information

Learn more about Wiresk, explore our user guide.

If you need an integration that you cannot find in Wiresk, you can make a request to our team, and we will try our best to satisfy your needs.