✅ What you’ll learn in this module:

  • How Weld authenticates with your connector
  • How to verify requests using a bearer token
  • How to return an error if the request isn’t valid
  • How to test authentication locally

🔐 How Weld authenticates

Weld includes an Authorization header in every request to your connector, using a Bearer token like this:

Authorization: Bearer YOUR_WELD_TOKEN

You define this token when setting up your custom connector in the Weld app. Your connector must check that the token is correct before returning any data.

🛠 Add token verification to your handler

Update your handler() function to check for a valid token:

1import os
2from flask import jsonify, Request
3
4# Load your expected token from an environment variable
5EXPECTED_TOKEN = os.environ.get("WELD_AUTH_TOKEN")
6
7
8def is_authenticated(request: Request):
9    auth_header = request.headers.get("Authorization", "")
10    token = auth_header.replace("Bearer ", "")
11    return token == EXPECTED_TOKEN
12
13
14@functions_framework.http
15def handler(request: Request):
16    if not is_authenticated(request):
17        return "Unauthorized", 401
18
19    if request.path == "/schema":
20        return jsonify(get_schema()), 200
21
22    if request.method == "POST":
23        request_data = request.get_json()
24        return jsonify(get_data(request_data)), 200
25
26    return "Hello, Weld!", 200
27

🔧 Set up the environment variable

Before testing, define your expected token in a .env file or directly in your shell:

export WELD_AUTH_TOKEN="your-secret-token"

Or in .env:

WELD_AUTH_TOKEN=your-secret-token

Then modify your local server to load it with:

pip install python-dotenv

Add to the top of your main.py:

1from dotenv import load_dotenv
2load_dotenv()
3

🧪 Test in Postman

  1. No token:
    • Remove the Authorization header
    • You should get 401 Unauthorized
  2. Wrong token:
    • Use Authorization: Bearer wrong-token
    • You should still get 401
  3. Correct token:
    • Use Authorization: Bearer your-secret-token
    • You should get your normal response

✅ Authentication is now in place!

Next up

Deploying your connector to Google Cloud

Make your connector accessible to Weld - securely and reliably.

Go to module