- docs
- FlowFuse User Manuals
- Using FlowFuse
- Getting Started
- Static asset service
- Bill of Materials
- FlowFuse Concepts
- Changing the Stack
- Custom Hostnames
- Device Groups
- DevOps Pipelines
- Environment Variables
- FlowFuse Assistant
- FlowFuse File Nodes
- FlowFuse Persistent Context
- FlowFuse Project Nodes
- High Availability mode
- HTTP Access Tokens
- Instance Settings
- Logging
- Shared Team Library
- Snapshots
- Teams
- User Settings
- FlowFuse API
- Migrating a Node-RED project to FlowFuse
- Device Agent
- Device Agent
- FlowFuse Device Agent Introduction
- Quick Start
- Installation
- Quick Start with Web UI
- Register your Device
- Running the Agent
- Deploying your Flows
- Hardware Guides
- FlowFuse Cloud
- FlowFuse Cloud
- FlowFuse Self-Hosted
- Installing FlowFuse
- Overview
- Configuring FlowFuse
- DNS Setup
- Docker install
- Docker from AWS Market Place
- Docker on Digital Ocean
- Add Project Stacks on Docker
- Docker Engine on Windows
- Email configuration
- First Run Setup
- FlowFuse File Storage
- Install FlowFuse on Kubernetes
- Upgrading FlowFuse
- Administering FlowFuse
- Administering FlowFuse
- Configuring Single Sign-On (SSO)
- Licensing
- Monitoring
- Telemetry
- User Management
- Support
- Community Support
- Premium Support
- Debugging Node-RED issues
- Contributing
- Contributing to FlowFuse
- Introduction
- Adding Template Settings
- API Design
- Creating debug stack containers
- Database migrations
- FlowFuse Architecture
- Local Install
- State Flows
- Device Editor
- Invite External Users
- User Login Flows
- Reset Password Flow
- Project Creation
- Instance states
- User Sign up Flow
- Team creation Flow
- Working with Feature Flags
# HTTP Access Tokens
When a FlowFuse instance is secured with FlowFuse User Authentication, only users who are in the same FlowFuse team can access the dashboard and HTTP endpoints created within Node-RED.
In some cases, it is also necessary to provide secure access to the endpoints for other applications to use. This is where the HTTP Access Tokens can be used.
With the FlowFuse User Authentication option enabled on the Instance's Security settings tab, the table of access tokens is shown.
# Creating an access token
To create a token, click the Add Token button. Given your token a name and an optional expiry date, then click create.
You will be shown the token value - this is the only time it will be shown so make a note of it before closing the dialog.
# Using an access token
The token can be used when making an HTTP request to the Node-RED instance by providing it in the Authorization
http header as a bearer token.
For example, if a Node-RED instance has a flow deployed that includes an HTTP In
node listening on /token-demo
, the following
curl
command can be used to access it:
curl -H "Authorization: Bearer ffhttp_FKc_S4qlTBV1H411hmhneHcSJ6F_FGNQLPYbnoD3-B0" \
https://example.flowfuse.cloud/token-demo
To access it from another Node-RED instance, you can use the HTTP Request
node by enabling the 'Use authentication' option, selecting 'bearer authentication' and providing the token: