Automation: Hidden headers

Hi everyone! I’m back again with a quick update on a new feature available to anyone currently using the Send web request action. We received some feedback from the community that people would like the ability to obfuscate headers that are sent with your web request when you’re attaching secrets, API keys or any other sensitive value to your request. We’ve gone ahead and given you the ability to do this, so let me show you how it works:

Add the “Hidden” flag to your headers

Your headers in both new and existing rules using the Send web request action now have an additional option. Below, you can see that a “Hidden” checkbox is available to you:

When you select this option on a header, you’ll notice that the value is now obfuscated:

If you go ahead and publish your rule, navigating back to the Send web request action will show you that the value you selected is permanently hidden, and cannot be shown again.

Once the value is hidden, it can’t be unhidden. However, you can always edit both the name and value of the header, or remove the header completely.

Once a rule is published with Hidden headers, the value will never be available for viewing in the automation platform. The value is masked as it’s sent back to you, so you won’t be able to inspect any payload to view the value either. You can find more information on how this works here.

Until next time!

Thanks again for checking in. The Automation team is always hard at work listening to your much appreciated feedback, so please feel free to comment below telling us what you’d like to see next from us.

Thanks a bunch!