> ## Documentation Index
> Fetch the complete documentation index at: https://docs.langdock.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Controls

> Control which workflow node types users can build with, including the Code and HTTP Request nodes.

<Info>
  Workflow settings are available to workspace administrators. These controls help you manage security across all workflows in your workspace.
</Info>

Workflow security settings let you control which node types are available to users when building workflows. Disabling certain nodes can help enforce security policies and prevent unauthorized external access.

## Accessing Workflow Settings

<Steps>
  <Step title="Open Workspace Settings">
    Navigate to your [workspace settings](https://app.langdock.com/settings/workspace) from the main menu.
  </Step>

  <Step title="Go to Workflows Section">
    Select the **Workflows** section to view security and spending controls.
  </Step>
</Steps>

## Code Node Toggle

The Code node allows users to execute custom code within workflows for data transformation and custom logic.

**When enabled:**

* Users can add Code nodes to their workflows
* Custom code execution is permitted
* Data transformations, calculations, and complex business logic are possible

**When disabled:**

* Code nodes cannot be added to new workflows
* Existing workflows with Code nodes will fail at the Code node step
* Users must use other nodes (Agent, Condition, etc.) for data processing

<Warning>
  Disabling Code nodes affects all workflows in the workspace. Review existing workflows before making changes, as workflows containing Code nodes will no longer function correctly.
</Warning>

**When to disable:**

* Your security policy prohibits custom code execution
* You want to restrict workflow capabilities to pre-built nodes only
* Compliance requirements mandate limited scripting capabilities

For supported languages and examples, see the [Code node](/en/using-langdock/workflows/nodes/code-node) page.

## HTTP Node Toggle

The HTTP Request node allows workflows to make external API calls to any endpoint.

**When enabled:**

* Users can add HTTP Request nodes to their workflows
* Workflows can call external APIs, webhooks, and services
* Custom integrations with third-party systems are possible

**When disabled:**

* HTTP Request nodes cannot be added to new workflows
* Existing workflows with HTTP Request nodes will fail at that step
* Users must rely on native integrations for external connectivity

<Warning>
  Disabling HTTP nodes prevents workflows from making external API calls. This may break workflows that rely on custom API integrations not available through native connectors.
</Warning>

**When to disable:**

* Your security policy restricts outbound network requests
* Data exfiltration concerns require limiting external connectivity
* You want to ensure all integrations go through vetted native connectors