This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Help needed - HTTP Headers issue

AMacourek
Deputy Chef III
Deputy Chef III

‎02-04-2026 06:41 AM

I have an HTTP Connection that I set up that uses headers for authorization.

 
 

image.png

The problem is that only the first key is being passed with the request. 

0 Kudos
13 REPLIES 13

shivakumara
Executive Chef III
Executive Chef III
In response to AMacourek

‎02-05-2026 08:47 PM

Hi @AMacourek ,

Thank you for sharing the reference.

In this case, you can establish the connection using only the basic details, such as the Base URL, and keep the authorization set to “None.”

All the required and relevant details can be passed directly within the recipe.

Thanks and Regards,
Shivakumara K A



0 Kudos

gary1
Star Chef I
Star Chef I

‎02-05-2026 08:58 PM

I did some a ludicrous amount of testing and have some more input:

  • I confirmed Workato is definitely passing both headers
  • I don't think "Endpoint has case-sensitive headers?" actually works

Here's how I tested in case this is helpful for anyone else:

I used nifty tool called https://webhook.site/ 

This site lets you set up an endpoint to call so you can analyze the data and headers you're sending.

 

I made this connection and tested it:

connection.jpg

Here's the receipt of the request. You'll notice the API headers are downcased. I figured this might be part of the UI of site, so I tried several other similar tools (hooklistener.com, usewebhook.com, play.svix.com) and they all have the same shortcoming -- all of these sites either upcase or downcase the headers before presenting it in the UI. Great.

receipt.jpg

So, after all this, we're at least sure both headers are being passed, but we're still not sure about a couple things:

  1. Is Workato manipulating the header casing?
  2. Does your API actually have case-sensitive headers?

One last thing: I set up a local HTTPS server, called it from Workato and got this:

Apikey: blahblahblah
Apikeyvalue: yadayadayada

The plot thickens.

If your API requires case-sensitive headers, you might be hosed. Hopefully someone else has another idea.

@rajeshjanapati  @francbaviello  @shivakumara 

shivakumara
Executive Chef III
Executive Chef III
In response to gary1

‎02-05-2026 10:48 PM

Hi @gary1 ,

Thank you for the detailed explanation.

I have sent the API key and API key value directly via the recipe, as we are unable to verify the headers when they are sent through the connection configuration. From our observation, Workato is not modifying the headers and is sending them exactly as provided.

Please refer to the attached screenshot for reference. However, it appears that the API endpoint itself is transforming the header names (for example, converting them to lowercase).

Official standard:
RFC 7230 / RFC 9110: HTTP header field names are case‑insensitive

So when an API requires case‑sensitive headers, it usually means:

  • The API is incorrectly implemented
  • It violates HTTP standards
  • Many tools may not support it properly

Send HTTP request.png
Thanks and Regards,
Shivakumara K A

AMacourek
Deputy Chef III
Deputy Chef III

‎02-06-2026 06:50 AM

What really bothers me is that now it works. I created a new connection and added the headers. Thanks for the heads up about webhook.site.  I tested that first and then went to the other API.  The casing even works fine.

0 Kudos
Copyright © 2026 Khoros, LLC