API securing

Questions
1

:bullseye: What is your goal?

API secure

:thinking: What is the problem & what have you tried?

Hi,

I’m building a chatbot in Voiceflow and connecting it to Make.com via webhooks.

My chatbot has two different flows. Initially, everything worked fine when both flows were sending data to the same Make webhook.

Now I’m trying to secure the webhook using Make’s native API key authentication.

What I did:

Created an API key in Make
Added the header in Voiceflow (stored securely using Secrets)
Used the same secured webhook URL for both Voiceflow flows

Since enabling security, the chatbot no longer works and I receive 401 Unauthorized, or Make does not receive any data at all.

It worked before adding security.

My questions:

Is it recommended (or required) to use separate webhooks per flow when API key authentication is enabled?
Is it a bad practice to use one secured webhook for multiple Voiceflow flows?
What is the best-practice setup for securing Make webhooks when a single chatbot has multiple flows?

I want to make sure the API is secure but also structured correctly before giving access to the client.

Thanks in advance for any guidance!

1 Like
3

Hi, you don’t need separate webhooks per flow. Using one secured webhook for multiple Voiceflow flows is perfectly fine and not bad practice on its own.

The 401 usually means the API key header isn’t being sent exactly as Make expects, or one of the flows isn’t sending it at all. Once you enable security, every single request has to include the key, otherwise Make will just drop it.

A common setup is to keep one secured webhook and pass a flow identifier in the payload so Make can route the logic internally. Using separate webhooks is also fine if you want cleaner separation and easier debugging, but it’s not required for security.

Hope this helps.

Regards, Tony

1 Like
4

In addition to Tony’s suggestions, you could also try setting up IP Whitelisting and/or check headers and filter only on requests coming from Voiceflow.

Are you able to show the headers you’re sending from Voiceflow? Make the keys and any sensitive info, just need to check you’re sending the key in the header, the key name is correct, etc…

1 Like