API key authentication flaw in workflows

The Inline credential option for API Call authentication is severely flawed and insecure:
Using the API key in the username field and X in the password exposes the API key to anyone with workflow view permissions (including Freshworks agents).
I know I can use the built-in credentials manager option but sometimes it doesn’t work and I’m forced to use the Inline credential option. please fix this asap.

1 Like