How to
Webhook trigger: Setting up an API token
What is an API token?
An API token is a security credential that allows other services to securely send inbound payloads to Pendula. When using webhooks to trigger an experience, it is essential that the payloads are secured by an active API token. This ensures that the data sent to Pendula is authenticated and authorised, ensuring the integrity of the communication between applications.
Generate a new API token
- Navigate to Integrations > Setup connection > API token.
- You will be prompted to provide a helpful Name and Description. Then, click Generate.
- Once generated, the API token is shown in two different formats (HTTP header or basic authentication) and either can be used to secure inbound payloads to Pendula.
Make sure to store the generated API token securely, as this cannot be shown again.
- Ensure the credentials are saved securely, check the I have saved these credentials securely checkbox, and select Done. Now you can use this API Token to authenticate inbound payloads to the webhook trigger in the Flow builder.
Editing API tokens
You can edit Name and Description of an API token. Click on settings, make the changes and click on Update connection.
Deactivating API tokens
You can deactivate API tokens that are no longer used, or for which access is no longer authorised, at any time. Once deactivated, services using this API token will no longer be authenticated.
- In Integrations, under Connections, locate the 'Active' API token you wish to deactivate.
- Under the Actions column, select Deactivate API token. Follow the prompts to continue.
Note that API tokens can take up to 60 seconds to be deactivated.
Reactivating API tokens
You can reactivate API tokens that have previously been deactivated (represented by the 'Inactive' status) in order to authenticate services using the API token.
- In the Integrations page, locate the 'Inactive' API token you wish to reactivate.
- Under the Actions column, select Reactivate API token.
Note that API tokens can take up to 60 seconds to be reactivated.
Deleting an API token
You can permanently delete 'Inactive' API tokens. Note that this cannot be undone, and services using this API token will no longer be authenticated.
- In the Integrations page, locate the API token you wish to delete. Note that an API token must be 'Inactive' to be deleted.
- Under the Actions column, select Delete API token. Follow the prompts to continue.