V5.0 HTTP Requests Plugin Wants Basic Auth Creds To What?

I can’t setup this plugin without using basic auth now, but dont know which creds to use? I want to use the plugin to trigger an ICON workflow using a POST request.

Basic Auth authentication selected without providing username and password. The authentication type requires a username and password. Please complete the connection with a username and password or change the authentication type.

In your connection, try choosing “No Authentication” as the authentication type.

EDIT: That’s a new feature as of v4. We had a request to allow encrypted credential types, so they were added to the connection. If you don’t want to use any authentication you have to specify that in the connection.

Invalid or unreachable endpoint provided. Verify the endpoint/URL/hostname configured in your plugin connection is correct. Response was: {“message”:“Please check the documentation at https://insight.help.rapid7.com/docs/product-apis or contact the Rapid7 Support”}

I am using for baseurl:


the desired result is to trigger a workflow

Ok, let me see if I can reproduce this on our end.

1 Like

Hey @hayden_redd, based on that baseurl it looks like this trigger would require API key authentication. You may want to try adding in the API key, and double check the trigger URL and authentication setting in that workflow.


To further what Charlotte said, your connection authentication stuff will look like this:


Specifically note the Default Headers configuration. It will be this:


“CUSTOM_SECRET_INPUT” will be replaced with the key from the Secret above.

That allows us to encrypt the X-Api-Key

that’s actually my settings now is using the API key in the headers like that , forgot to say


current settings, this worked a few plugin versions ago


docs now say


think I got it now



and then add route as workflow ID

Good deal. Sorry for the confusion. We’re going to try to clean up the connection in that plugin to make it more user friendly.

no problem, I was just trying to be super cool but calling the webhook generated by the new api trigger was the simple fix…

It’s even simpler than this! If you choose the “Rapid7 InsightAuthentication Type in the connection, you can paste your Rapid7 API Key in the Secret Key field. We added support for this to make it easier to authenticate to Rapid7 product APIs. Users no longer need to create custom headers anymore for Insight products.

1 Like