# API platform
The API platform APIs allow users to programmatically create and manage API platform assets like endpoints, collections, clients, and access profiles.
All endpoints listed here are Embedded Vendor APIs and require the oem_vendor
privilege. The API platform feature is also a feature add-on that should be enabled in the partner admin and customer workspaces. Talk to your Workato representative to enable both privileges.
For Embedded partners looking to enable API platform for their customers, use this guide for more information.
# Quick reference
Type | Resource | Description |
---|---|---|
GET | /api_collections | List API collections in a customer workspace. The endpoint returns the project_id of the project to which the collections belong in the response. |
POST | /api_collections | Create an API collection in a customer workspace within a project you specify. |
GET | /api_endpoints | List API endpoints in a collection. |
PUT | /api_endpoints/:api_endpoint_id/enable | Enable an API endpoint in a collection. |
PUT | /api_endpoints/:api_endpoint_id/disable | Disable an API endpoint in a collection. |
GET | /api_clients | List all API clients in a customer workspace. Workato includes the project_id of the project to which the API client belongs in the response. |
POST | /api_clients | Create a new API client in a customer workspace within a project you specify. |
GET | /api_access_profiles | List access profiles belonging to an API client in a customer workspace. |
POST | /api_access_profiles | Create an access profile belonging to an API client in a customer workspace. |
PUT | /api_access_profiles | Update an access profile belonging to an API client in a customer workspace. |
PUT | /api_access_profiles/:api_access_profile_id/enable | Enable an access profile belonging to an API client in a customer workspace. |
PUT | /api_access_profiles/:api_access_profile_id/disable | Disable an access profile belonging to an API client in a customer workspace. |
PUT | /api_access_profiles/:access_profile_id/refresh_secret | Refreshes access profile token or secret. |
# Base path
For all the APIs above, the base path is /api/managed_users/:id
where the customer ID is required in as a URL parameter.
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
Example:
https://www.workato.com/api/managed_users/5454/api_collections
# List API collections
List all API collections in a customer workspace. This endpoint returns the project_id
of the project to which the collections belong in the response.
GET /api/managed_users/:id/api_collections
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
# Response
{
"result": [
{
"id": 1388,
"name": "Zuora sync",
"version": "5",
"url": "https://api.na.workato.com/abstergoi/created-collection-v5",
"api_spec_url": "https://www.workato.com/doc/service/created-collection-v5/swagger?token=65989339c72899ahjk9fb173c657cf9511",
"created_at": "2020-07-31T08:09:29.062-07:00",
"updated_at": "2020-07-31T08:19:27.703-07:00",
"project_id": "523144"
}
]
}
# Create API collection
Create an API collection in a customer workspace within a project you specify.
POST /api/managed_users/:id/api_collections
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
# Query parameters
Name | Type | Description |
---|---|---|
project_id | string required | The ID of a specific project. Retrieve a list of project IDs using the list projects endpoint. |
# Payload
Name | Type | Description |
---|---|---|
name | string required | Name of the collection |
# Sample request
curl -X POST https://www.workato.com/api/managed_users/5454/api_collections?project_id=523144 \
-H 'Authorization: Bearer <api_token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "Netsuite customers",
}'
# Response
{
"id": 1397,
"name": "Netsuite customers",
"version": "1.0",
"url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1",
"api_spec_url": "https://www.workato.com/doc/service/netsuite-customers-v1/swagger?token=774513f8a712djkls90s7f5a3165eb96d",
"created_at": "2020-07-31T08:24:31.439-07:00",
"updated_at": "2020-07-31T08:24:31.439-07:00"
}
# List API endpoints
Lists all API endpoints in a customer workspace. Specify the api_collection_id
to obtain the list of endpoints in a specific collection.
GET /api/managed_users/:id/api_endpoints
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
# Query parameters
Name | Type | Description |
---|---|---|
api_collection_id | string | ID of the API collection. If the parameter is not provided, all API endpoints are returned. |
# Sample request
curl -X GET 'https://www.workato.com/api/managed_users/5454/api_endpoints?api_collection_id=1391' \
-H 'Authorization: Bearer <api_token>' \
-H 'Content-Type: application/json' \
# Response
{
"result": [
{
"id": 9903,
"api_collection_id": 1391,
"flow_id": 39999,
"name": "salesforce search",
"method": "GET",
"url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1/salesforce/search",
"legacy_url": null,
"base_path": "/abstergoi/netsuite-customers-v1/salesforce/search",
"path": "salesforce/search",
"active": false,
"legacy": false,
"created_at": "2020-08-05T05:59:55.991-07:00",
"updated_at": "2020-08-05T05:59:55.991-07:00"
}
]
}
# Enable API endpoint
Enables an API endpoint. The underlying recipe must be started to enable the API endpoint successfully.
PUT /api/managed_users/:id/api_endpoints/:api_endpoint_id/enable
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
api_endpoint_id | string | ID of the API endpoint. |
# Sample request
curl -X GET https://www.workato.com/api/managed_users/5454/api_endpoints/1213/enable \
-H 'Authorization: Bearer <api_token>' \
-H 'Content-Type: application/json' \
# Disable API endpoint
Disables an active API endpoint. The endpoint can no longer be called by a client.
PUT /api/managed_users/:id/api_endpoints/:api_endpoint_id/disable
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
api_endpoint_id | string | ID of the API endpoint. |
# Sample request
curl -X GET https://www.workato.com/api/managed_users/5454/api_endpoints/1213/disable \
-H 'Authorization: Bearer <api_token>' \
-H 'Content-Type: application/json' \
# List API clients
List all API clients in a customer workspace. This endpoint includes the project_id
to which the API client belongs in the response.
GET /api/managed_users/:id/api_clients
# Response
{
"result": [
{
"id": 1255,
"name": "Automation Inc.",
"created_at": "2020-07-31T03:44:22.435-07:00",
"updated_at": "2020-07-31T03:44:22.435-07:00",
"project_id": "523144"
},
{
"id": 1890,
"name": "Umbrella Corporation",
"created_at": "2020-07-31T03:44:22.435-07:00",
"updated_at": "2020-07-31T03:44:22.435-07:00",
"project_id": "423455"
}
]
}
# Create API client
Create a new API client in a customer workspace within a project you specify.
POST /api/managed_users/:id/api_clients
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
# Query parameters
Name | Type | Description |
---|---|---|
project_id | string required | The ID of a specific project. Retrieve a list of project IDs by using the list projects endpoint. |
# Payload
Name | Type | Description |
---|---|---|
name | string required | Name of the client. |
# Sample request
curl -X POST https://www.workato.com/api/managed_users/5454/api_clients?project_id=523144 \
-H 'Authorization: Bearer <api_token>' \
-H 'Content-Type: application/json' \
-d '{
"name": "Automation Inc.",
}'
# Response
{
"id": 1255,
"name": "Automation Inc.",
"created_at": "2020-07-31T03:44:22.435-07:00",
"updated_at": "2020-07-31T03:44:22.435-07:00"
}
# List access profiles
List all access profiles belonging to an API client in a customer workspace. If you don't provide an API client ID, the resource lists all access profiles for all API clients in the customer workspace.
GET /api/managed_users/:id/api_access_profiles?api_client_id=:client_id
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Provide an Embedded customer ID or external ID to retrieve access profiles belonging to that customer workspace. The External ID must be URL encoded and prefixed with an E (for example, EA2300 ). |
api_client_id | string optional | API client ID for the client that you plan to retrieve access profiles from. |
api_token | string required | The API token is the token for any API client in your Embedded API platform. You can create a new Embedded API platform API client in your admin account by going to Workspace access > API clients. |
# Sample request
curl -X GET 'https://www.workato.com/api/managed_users/4243/api_access_profiles?api_client_id=1255'\
-H 'Authorization: Bearer <api_token>'
# Response
"result": [
{
"id": 31387,
"name": "Financial API Client",
"api_client_id": 4663,
"api_collection_ids": [
3574
],
"active": true,
"auth_type": "token",
"created_at": "2023-11-21T09:58:30.980-09:00",
"updated_at": "2023-11-21T09:58:30.980-09:00"
}
]
# Create access profile
Create an access profile belonging to an API client in a customer workspace. To use this endpoint, the customer workspace must have at least one API collection to assign to the access profile.
The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).
- Auth token authorization will return the auth token in the
secret
response - JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
- OAuth 2.0 authorization will return the client ID and secret in
oauth_client_id
andoauth_client secret
POST /api/managed_users/:id/api_access_profiles
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. token jwt oauth2 |
# Query parameters
Name | Type | Description |
---|---|---|
api_client_id | string required | API client ID. |
# Payload
Name | Type | Description |
---|---|---|
name | string required | Name of the access profile |
api_collection_ids | List of integers required | IDs of collections to add to the access profile |
active | boolean required | Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs. |
auth_type | string required | Authentication method to validate requests. Available options are: token , jwt and oauth2 for Auth token, JSON web token and OAuth 2.0 respectively. |
jwt_method | string | The JWT signing method. If the auth_type is jwt , this is required. Available options are hmac and rsa for HMAC and RSA respectively. |
jwt_secret | string | Based on the method, specify the HMAC shared secret or the RSA public key. |
# Sample request (Auth token)
curl -X POST 'https://www.workato.com/api/managed_users/4243/api_access_profiles?api_client_id=1255'\
-H 'Authorization: Bearer <api_token>' \
-d '{
"name": "Sales team",
"api_collection_ids": [1391, 1388],
"auth_type": "token",
"active": true
}'
# Sample request (JWT HMAC)
curl -X POST 'https://www.workato.com/api/managed_users/4243/api_access_profiles?api_client_id=1255'\
-H 'Authorization: Bearer <api_token>' \
-d '{
"name": "HMAC API",
"api_collection_ids": [1391, 1388],
"auth_type": "jwt",
"jwt_method": "rsa",
"jwt_secret": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ngjihh5hXDRe0c1qPNc\nrF7RIoAG/iNZXruTspeX8e2auMBXTwVI0sLgwUo26lMXCRAvC004JWKugzh1UHXY\nsjmtwZFRznqhb/ojJDi785+zbmVNLWmbIB/ChBUyckBSExsmR0nOpQhiW0przr2J\ncQIDAQAB\n-----END PUBLIC KEY-----",
"active": true
}'
# Response (Auth token)
{
"id": 26967,
"name": "Sales team",
"api_group_ids": [
1391,
1388
],
"active": true,
"auth_type": "token",
"jwt_method": null,
"jwt_secret": null,
"oauth_client_id": null,
"oauth_client_secret": null,
"secret": "xxxxxxxxxxx",
"created_at": "2020-07-31T09:48:55.337-07:00",
"updated_at": "2020-07-31T09:48:55.337-07:00"
}
# Update access profile
Update an access profile belonging to an API client in a customer workspace.
The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).
- Auth token authorization will return the auth token in the
secret
response - JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
- OAuth 2.0 authorization will return the client ID and secret in
oauth_client_id
andoauth_client secret
PUT /api/managed_users/:id/api_access_profiles/:api_access_profile_id
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
api_access_profile_id | string required | API access profile ID. |
# Query parameters
Name | Type | Description |
---|---|---|
api_client_id | string required | API client ID. |
# Payload
Name | Type | Description |
---|---|---|
name | string required | Name of the access profile |
api_collection_ids | string required | IDs of collections to add to the access profile |
active | boolean required | Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs. |
auth_type | string required | Authentication method to validate requests. Available options are: token , jwt and oauth2 for Auth token, JSON web token and OAuth 2.0 respectively. |
jwt_method | string | The JWT signing method. If the auth_type is jwt , this is required. Available options are hmac and rsa for HMAC and RSA respectively. |
jwt_secret | string | Based on the method, specify the HMAC shared secret or the RSA public key. |
# Sample request (Auth token)
curl -X PUT 'https://www.workato.com/api/managed_users/4243/api_access_profiles/178294?api_client_id=1255'\
-H 'Authorization: Bearer <api_token>' \
-d '{
"name": "Sales team",
"api_collection_ids": [1391, 1388],
"auth_type": "token",
"active": true
}'
# Enable access profile
Enable an access profile belonging to an API client in a customer workspace. Enabling an access profile allows API calls to be accepted with the enabled profile.
This call returns success
or error messages for Unauthorized/Bad requests.
PUT /api/managed_users/:id/api_access_profiles/:api_access_profile_id/enable
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
api_access_profile_id | string required | ID of the access profile. |
# Sample request (Auth token)
curl -X PUT https://www.workato.com/api/managed_users/1279482/api_access_profiles/1213/enable \
-H 'Authorization: Bearer <api_token>' \
-H 'Content-Type: application/json' \
# Disable access profile
Disable an access profile belonging to an API client in a customer workspace. Disabling an access profile will stop allowing API calls to be accepted with the access profile.
This call returns success
or error messages for Unauthorized/Bad requests.
PUT /api/managed_users/:id/api_access_profiles/:api_access_profile_id/disable
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
api_access_profile_id | string required | ID of the access profile. |
# Sample request (Auth token)
curl -X PUT https://www.workato.com/api/managed_users/127894/api_access_profiles/1213/disable \
-H 'Authorization: Bearer <api_token>' \
-H 'Content-Type: application/json' \
# Refresh token/secret
Refreshes the auth token or OAuth 2.0 client secret. This endpoint will fail if the authorization type on the access profile is JWT
.
The response returned depends on the authorization type of the access profile (Auth token or OAuth 2.0).
- Auth token authorization will return a new auth token in the
secret
response - OAuth 2.0 authorization will return a new client ID and secret in
oauth_client_id
andoauth_client secret
PUT /api/managed_users/:id/api_access_profiles/:access_profile_id/refresh_secret
# Path parameters
Name | Type | Description |
---|---|---|
id | string required | Embedded customer ID/external ID. External ID must be prefixed with an E (for example, EA2300 ) and the resulting ID should be URL encoded. |
access_profile_id | string required | API access profile ID |
# Response (Auth token)
{
"id": 26962,
"name": "Sales team",
"api_client_id": 1255,
"api_collection_ids": [
1391
],
"active": true,
"auth_type": "token",
"jwt_method": null,
"jwt_secret": null,
"oauth_client_id": null,
"oauth_client_secret": null,
"secret": "xxxxxxxxxxx",
"created_at": "2020-07-31T09:10:03.310-07:00",
"updated_at": "2020-08-05T06:08:46.290-07:00"
}
Last updated: 4/25/2024, 5:58:27 PM