# API Platform

Workato allows for callable recipes to be turned into an API endpoint. This means that your callable recipes can be called and used by someone who doesn't need to have access to your Workato account, provided that:

1. They have a confidential API token generated by you.

2. The callable recipe they're trying to call is active and has been enabled for access by the API owner.

API calls can be made from Workato recipes in other accounts (using the HTTP Connector) or by tools, programs and scripts that are completely outside of Workato.

Workato's API Platform allows a Workato user to control and monitor access to APIs associated with their account's recipes. The API Platform is available from the Tools menu.

API Platform Tool

# Concepts

# Endpoints

An endpoint is a single callable REST interface. It has an associated public URL. Calls to the URL initiate a recipe that has a Callable Recipe trigger.

# API Collections

Endpoints are organized into API Collections. An API Collection is a set of Endpoints that can be managed together.

# Clients

A client is a user to whom access to one or more API Collections can be granted.

# Access Profiles

A single client can have one or more Access Profiles. An Access Profile specifies one or more API Collections to which the client has access, and is optionally associated with an Access Policy.

# Access Policies

An Access Policy can be used to set restrictions on the usage of an API. A single policy can be associated with one or more Access Profiles.

# API tokens

An API token grants access to all the API Collections within an Access Profile. Technically, an API token is a string that is passed in the HTTP header with the name API-Token.

# More information

See the following pages for more details on Workato's API Platform:

• API Collections and Endpoint Management

• API Access Policies

• Managing API Clients and Access Profiles

• Calling APIs

• Setting up endpoints to handle raw content

• Security Best Practices for APIs