Skip to main content

Headers

Don't forget to check out our Make Authorisation example once you've read this article!

This feature is not available for Link buttons

OneClick can send custom HTTP headers with your button click. Typically this is used as an authorisation mechanism to ensure that only authorized parties can trigger your automation or end-point. Headers can be also used to deliver other static data with your button click.

To useset thecustom Authorisation featureheaders you need to enable the sectionfeature infirst on the left hand menu first:menu:

oc-auth-1.pngimage.png

IfInsert your automationheader end-pointname /and webhookvalue requiresin authentication,their youcorresponding Key and Value fields. You can setadd upnew anheaders authorisationby headerclicking thaton willthe Add new button, and remove them by clicking on the trash bin icon. Headers can also be sentset withas theConfidential, buttonwhich trigger.

oc-auth-2.png

Header authorisation type

This ismakes the header name,value forvisible exampleonly "authorization",to "token"the etc.user who added it. Please note that this has many implications, read the details below.

image.png

Please note that underscores "_" are generally not recommended to be used in the Authorisation header name,names, as it may lead to disappearing headers at your back-end depending on the web server and configuration it runs on. More information here

Header

 authorisation

value

Implications of confidential headers

ThisA isuser other than the one who added a confidential header cannot:

  • See or change the header value
  • Change the URL of the button
    • This is to prevent exposing the header values by changing the URL to an other end-point which allows inspecting the received headers
  • Duplicate the button with the Copy feature in the button list view

image.png

Please note that the confidential headers can still be deleted by a user other than the one who added the header. This is to prevent "locking" a button in situations where for example a header was added by a user who's account has been deleted, or a button has confidential headers added by several users.

Data sent with a button

When you trigger your button that has AuthorisationHeaders enabled, a new headercustom headers will be added to the HTTP POST call. As an example:

"headers": {
	"authorisation"api-token":"123456",
    "x-your-data": "Hello world"
}