Make Authentication¶
This document describes how to authenticate Make with the WhiteLabelCRO Integration API.
Authentication Method¶
Make uses API key authentication via the X-Api-Key header. This is the same authentication method used by Zapier, n8n, and custom integrations.
In Make, you configure a connection that includes the API key, and Make includes it with every API request to WhiteLabelCRO.
Obtaining an API key¶
Step 1: Create Key in Admin Portal¶
- Log in to your WhiteLabelCRO CRM
- Navigate to Settings > Integrations > API Keys
- Click Create New Key
- Enter a descriptive name (e.g., "Make Production Scenarios")
- Select required scopes (see below)
- Click Create
- Copy the generated key immediately
Critical: The full API key is displayed only once. Store it securely before closing the dialog.
Step 2: Required Scopes¶
For full Make functionality, select these scopes:
- events:read - Required for polling events or webhook triggers
- integrations:read - Required for search operations
- integrations:write - Required for create/update actions
- webhooks:write - Required if managing webhook subscriptions programmatically
You may use a key with fewer scopes if you only need specific operations (e.g., read-only scenarios).
Configuring Connections in Make¶
Creating a Connection¶
WhiteLabelCRO does not currently have a native Make app. Use the HTTP module with custom API key authentication.
Using HTTP modules:
- In Make, open your scenario
- Add or edit an HTTP module
- Click Add next to Connection
- Select Add a connection or similar
- Choose API Key authentication type
- Configure:
- Connection name: (e.g., "WhiteLabelCRO API")
- Header name:
X-Api-Key - API Key: Paste your API key
- Click Save
Using the Connection¶
- In HTTP modules, select the saved connection
- Make will automatically include the
X-Api-Keyheader with every request - No need to manually set headers per module
Multiple Connections¶
You can create multiple connections in Make for: - Different WhiteLabelCRO environments - Different API key scopes - Different clients (if you manage multiple CROs)
Each scenario can use a different connection.
Managing Connections¶
Viewing Saved Connections¶
In Make:
- Click your profile or organization settings
- Navigate to Connections section
- Search for "WhiteLabelCRO" or your connection name
- View all saved connections
Updating After Key Rotation¶
If you rotate or revoke an API key:
- Create a new API key in WhiteLabelCRO Admin Portal
- In Make, go to Connections
- Find the WhiteLabelCRO connection
- Click Edit or reconnect
- Update the API key value
- Click Save
All scenarios using that connection will automatically use the new key.
Deleting Connections¶
To remove a connection: 1. Go to Connections in Make 2. Find the connection 3. Click Delete or Remove
This does not revoke the API key in WhiteLabelCRO. To fully revoke access: 1. Delete the connection in Make 2. Revoke the API key in WhiteLabelCRO Admin Portal
Security Considerations¶
Key Storage¶
- Make stores connections encrypted
- Keys are transmitted over HTTPS only
- Keys are not visible in scenario execution logs
Key Separation¶
Use separate API keys for: - Different Make organizations or teams - Different scenario purposes - Development vs production scenarios
This allows targeted revocation without disrupting all scenarios.
Monitoring¶
Track API key usage in WhiteLabelCRO Admin Portal:
- Check lastUsedUtc timestamp to confirm activity
- Review rate limit consumption
- Monitor for unexpected usage patterns
Revocation¶
If a key is compromised:
- Revoke the key immediately in WhiteLabelCRO Admin Portal
- All Make requests will start failing (401 errors)
- Create a new key
- Update the connection in Make with the new key
Troubleshooting¶
Invalid API Key Error¶
Symptom: 401 error in scenario execution
Check:
- Key was copied completely (no truncation)
- Key format is wlcro_live_{companyId}_{secret}
- Key exists and is active in Admin Portal
- Key has not been revoked
Resolution: - Re-copy the key from secure storage - If lost, create a new key - Update connection in Make
Authentication Works Then Stops¶
Symptom: Previously working scenarios return 401 errors
Cause: API key was revoked in WhiteLabelCRO Admin Portal
Resolution: - Verify key status in Admin Portal - Create new key if revoked - Update connection in Make
Insufficient Permissions¶
Symptom: Authentication succeeds but specific operations fail with 403 errors
Cause: API key lacks required scope
Resolution: - Check which scope is required (see error message in scenario execution) - Create new key with additional scopes - Update connection in Make - Cannot add scopes to existing keys
Wrong API Key Used¶
Symptom: Scenario accessing wrong WhiteLabelCRO account
Resolution: - Check which connection the HTTP module is using - Update module to use correct connection - Name your connections clearly (e.g., "WhiteLabelCRO Production", "WhiteLabelCRO Dev")
Testing Connections¶
Manual Test Request¶
To verify your connection works:
- Add HTTP module
- Set method: GET
- Set URL:
https://your-api-url.com/api/v1/events?limit=1 - Select your WhiteLabelCRO connection
- Run the scenario once
- Should return 200 with event data (or empty array if no events)
Common Test Failures¶
- 401: Invalid or revoked API key
- 403: API key lacks
events:readscope - 404: Incorrect API base URL
- Connection timeout: Network or firewall issue
Best Practices¶
Naming Conventions¶
When creating API keys for Make, use descriptive names: - ✅ "Make Production - Full Access" - ✅ "Make Dev - Read Only" - ❌ "Make Key 1" - ❌ "Test"
Scope Principle¶
Grant only the scopes needed:
- Read-only scenarios (reporting): events:read, integrations:read
- Write-only scenarios (data entry): integrations:write
- Full bidirectional sync: All scopes
Regular Audits¶
Periodically review: - Active API keys in WhiteLabelCRO Admin Portal - Saved connections in Make - Remove unused connections and revoke unused keys
Team Management¶
If working with multiple team members: - Use separate API keys per team member or project - Assign connections appropriate scope levels - Monitor usage to identify inactive keys