Authentication and API Key Storage Options for Flow Action Extension

Dear Shopify Partner Support Team,

We are currently planning to develop a Flow Action Extension to integrate Shopify Flow with our external API.

We would like to authenticate requests using an API key, and are exploring how users could provide this API key within the Flow Action configuration.

Could you advise on possible implementation options to allow the user to input and store an API key via the Flow UI?

Specifically, we would like to confirm whether the following requirements are supported:

  • Can the API key input field be masked (e.g., hidden like a password)?
  • Can a user-set API key be reused across multiple Flow workflows, or stored at the app level for reusability?

Thank you very much in advance for your guidance.

Can you elaborate on why you need an API key in the action?

We would like to use an API that we have already implemented on our side, and the reason is that it uses API key-based authentication.

What uses API key-based auth? I think the only way this makes sense is if you are calling a third-party action that requires an API key. But even then, you could have them enter the API key in your app instead of in Flow.