question Re: Can we secure our api made via HandleHttpRequest like OIDC/Oauth2 based security? in Support Questions https://community.cloudera.com/t5/Support-Questions/Can-we-secure-our-api-made-via-HandleHttpRequest-like-OIDC/m-p/414128#M254654 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/114561">@AlokKumar</a>&nbsp;I absolutely love this question.&nbsp; YES, it is possible!&nbsp; &nbsp;I recently built an API with NiFI and guess what,&nbsp; no auth!!&nbsp; &nbsp;<span class="lia-unicode-emoji" title=":sad_but_relieved_face:">😥</span>&nbsp; &nbsp; It is just a web api handling form posts, so it does nothing requiring auth, but it does respond with appropriate error codes if things happen unexpectedly.&nbsp; &nbsp;I can see you are thinking in terms of needing to add authentication layer which I think is required.&nbsp; &nbsp; &nbsp;<BR /><BR />Two solutions:&nbsp;<BR /><BR />1.&nbsp; Provide an auth mechanism in front of NiFi within load balancer.&nbsp;<BR />2.&nbsp; Build this auth check into the nifi api flow itself.<BR /><BR />For the latter,&nbsp; nifi can do anything right?&nbsp; &nbsp;There are many ways to do this, but after HandleHttpRequest, you could check an external system for valid user/pass, token, etc.&nbsp; I think your specificl requirements would dictate the logic further.&nbsp; An invalid auth would return appropriate HandleHttpResponse w/ 4xx error codes.&nbsp; &nbsp;<BR /><BR />One thing I would recommend is accounting for timeouts or slow clients.&nbsp; &nbsp;If a client is waiting for an external auth check, you need to be sensitive that call out could take too long in terms of the api connection.&nbsp; Make the nifi flow account for that scenario as well to handle the client timeout.&nbsp; &nbsp;If this is a major concern, i would investigate the first solution.&nbsp;&nbsp;</P> Thu, 28 May 2026 13:15:58 GMT steven-matison 2026-05-28T13:15:58Z Can we secure our api made via HandleHttpRequest like OIDC/Oauth2 based security? https://community.cloudera.com/t5/Support-Questions/Can-we-secure-our-api-made-via-HandleHttpRequest-like-OIDC/m-p/414121#M254647 <P>Hello can we secure our apis in nifi? Suppose we create nifi flow which utilises HandleHttpRequest for exposing an api. How to secure this? Is it possible to have Oauth2/Oidc?</P> Wed, 27 May 2026 08:29:51 GMT https://community.cloudera.com/t5/Support-Questions/Can-we-secure-our-api-made-via-HandleHttpRequest-like-OIDC/m-p/414121#M254647 AlokKumar 2026-05-27T08:29:51Z Re: Can we secure our api made via HandleHttpRequest like OIDC/Oauth2 based security? https://community.cloudera.com/t5/Support-Questions/Can-we-secure-our-api-made-via-HandleHttpRequest-like-OIDC/m-p/414128#M254654 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/114561">@AlokKumar</a>&nbsp;I absolutely love this question.&nbsp; YES, it is possible!&nbsp; &nbsp;I recently built an API with NiFI and guess what,&nbsp; no auth!!&nbsp; &nbsp;<span class="lia-unicode-emoji" title=":sad_but_relieved_face:">😥</span>&nbsp; &nbsp; It is just a web api handling form posts, so it does nothing requiring auth, but it does respond with appropriate error codes if things happen unexpectedly.&nbsp; &nbsp;I can see you are thinking in terms of needing to add authentication layer which I think is required.&nbsp; &nbsp; &nbsp;<BR /><BR />Two solutions:&nbsp;<BR /><BR />1.&nbsp; Provide an auth mechanism in front of NiFi within load balancer.&nbsp;<BR />2.&nbsp; Build this auth check into the nifi api flow itself.<BR /><BR />For the latter,&nbsp; nifi can do anything right?&nbsp; &nbsp;There are many ways to do this, but after HandleHttpRequest, you could check an external system for valid user/pass, token, etc.&nbsp; I think your specificl requirements would dictate the logic further.&nbsp; An invalid auth would return appropriate HandleHttpResponse w/ 4xx error codes.&nbsp; &nbsp;<BR /><BR />One thing I would recommend is accounting for timeouts or slow clients.&nbsp; &nbsp;If a client is waiting for an external auth check, you need to be sensitive that call out could take too long in terms of the api connection.&nbsp; Make the nifi flow account for that scenario as well to handle the client timeout.&nbsp; &nbsp;If this is a major concern, i would investigate the first solution.&nbsp;&nbsp;</P> Thu, 28 May 2026 13:15:58 GMT https://community.cloudera.com/t5/Support-Questions/Can-we-secure-our-api-made-via-HandleHttpRequest-like-OIDC/m-p/414128#M254654 steven-matison 2026-05-28T13:15:58Z Re: Can we secure our api made via HandleHttpRequest like OIDC/Oauth2 based security? https://community.cloudera.com/t5/Support-Questions/Can-we-secure-our-api-made-via-HandleHttpRequest-like-OIDC/m-p/414137#M254657 <P>Thank you&nbsp;<a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/95503">@steven-matison</a>&nbsp;for suggesting possible solutions. Could you please elaborate as I am new to these terms. I used to have my apis in Java/Spring Boot secured via OIdc/Oauth2 or even Basic for test apis earlier. We used to have libraries in Spring Boot to configure OIDC.</P> Fri, 29 May 2026 05:35:31 GMT https://community.cloudera.com/t5/Support-Questions/Can-we-secure-our-api-made-via-HandleHttpRequest-like-OIDC/m-p/414137#M254657 AlokKumar 2026-05-29T05:35:31Z