Authentication in API Workflows
If a back-end workflow is publicly exposed, you have to define whether the asker needs authentication in order to run this workflow or not. Most of the time you will want to have authentication required on your workflows to avoid them being triggered by entities that are not supposed to (hackers most of the time). So uncheck this box as often as possible, except if it is necessary for your business logic.
Adding Authentication to Webhooks
If you disabled this checkbox, it might be because this endpoint will be triggered by a 3rd-party service when a specific event happens.
But this is not a reason not to add authentication!
Let's suppose you're using Stripe and you want Stripe to send you a webhook whenever a User cancels its subscription (it will work with any 3rd-party service, but I'll take Stripe as an example). Inside your Stripe dashboard, you'll configure a webhook with the following destination address:
https://yourappid.bubbleapps.io/version-live/api/1.1/wf/your-endpoint
Below, we explain how to add authentication even if Stripe doesn't give you the possibility to add custom headers to webhooks.
Create a Bubble API Token
First step is going to your Bubble app editor and navigate to "Settings > API". You will see a button called "Create a new API Token".
Click it, and name it with the name of the according 3rd-party service you want to give authentication to.
Once this is done, copy your private key and create your new webhook URL which will be the following:
https://yourappid.bubbleapps.io/version-live/api/1.1/wf/your-endpoint?api_token=XXX
With 'XXX' being equal to the API Key you just generated.
All good, you can now uncheck the "This workflow can be run without authentication" checkbox!
Solution
To fix this issue, uncheck this box if it is not necessary for your business logic. If it is, you can simply ignore this issue.