Instant Authentication

Flows come with optional out-of-the-box authentication. This feature is enabled/disabled via the toggle found below the Flow's unique URL in the trigger drawer. Authentication is enabled on all newly created Flows by default but can be manually disabled at any time.

When Authorization is enabled, calling the Flow must be done while passing an Authorization Header, which will include your Authorization Token (or your app's users' Authorization Token). For example, if you are calling the Flow from the browser using the fetch API, you'll pass the Authorization Header like this:

fetch("{{ YOUR_ENV }}-{{ YOUR_TRIGGER_ID}}", {
"method": "POST",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{ YOUR_TOKEN }}"
"body": "{\"data\":\"Added new data\"}"
.then(response => {
.catch(err => {

To learn about how to pull your Authorization Token, visit the Authorization sections of our docs here:

Buildable's Authentication feature requires the Users Service

Buildable Authorization uses the Users Service behind the scenes. If you intend to leverage the power of the Instant Authorization feature, then you'll need to create a Users Service via the Services tab of your Buildable dashboard, which you can learn about in more detail in the section: