# Integration Authentications Many of AirOps's native integrations (Asana, HubSpot, Webflow, Shopify, and others) require you to authenticate before you can use them in workflow steps. Once authenticated, you can opt in to **expose** those credentials so they can be referenced directly from Liquid templates and code steps. This is useful when you want to call an API the native step doesn't cover, or interpolate a token into a request. ## Enabling exposure 1. Navigate to **Settings > Integrations**. 2. Find the authentication you want to expose. 3. Toggle **Expose credentials** on for that row. The toggle is off by default. Credentials are only available to workflows when you explicitly opt in. ## Referencing in workflows Once exposed, credentials are accessible via the `authentications` variable, keyed by provider name and then by the authentication's display name. ### Liquid template ``` {{ authentications['asana']['Prod'].token }} ``` ### JavaScript code step ```javascript const auth = authentications.asana["Prod"]; const token = auth.token; ``` ### Python code step ```python auth = authentications["asana"]["Prod"] token = auth["token"] ``` The variable picker in the workflow builder lists exposed authentications under the "Integration Authentications" category. Clicking an entry inserts the correct path for the editor mode you're in. ## What's available The exact fields depend on the authentication type. For OAuth integrations, you'll typically have `token`, `refresh_token`, and `expires_at`. For API-key integrations, you'll have whatever field the integration uses (commonly `api_key`). ## Disabling exposure Toggle the switch off. Workflows that reference the now-unexposed credentials will resolve to empty values; if a workflow relied on those credentials, downstream calls may fail. Re-enable to restore. ## Security Credentials are automatically redacted as `*****` in trace logs and step error messages, so debugging errors that mention a token won't leak the value into execution history. Step outputs are not redacted. If a code step returns a credential value directly (for example, `return token`), the value will appear in the execution trace. Take care to avoid emitting credentials in step outputs. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.airops.com/your-workspace/authentications.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.