# App connections

As the first step in the recipe building process, you must establish a connection between Workato and an app. This allows Workato to send and receive data from the app. Each connection corresponds to one app instance (such as a user account); recipe builders can reuse the same connection across multiple recipes.


You must establish a valid connection before you configure triggers and actions to retrieve data necessary for recipe construction, such as custom objects and fields, picklist values, and other meta-data.

# Connecting your app to Workato

Connect to an app by authenticating with the app via Workato and giving Workato permission to access the data.

There are two ways to connect your app:

  • As part of creating a recipe: open a new recipe, select an app, and select a trigger or action. Connection via new recipe
  • To establish several app connections: navigate to the Assets > Connections view and click Create connection Connection via new connection

# Authentication/authorization

Workato typically uses the app's authorization/authentication API to establish the connection, using one of the following methods:

  • OAuth 2.0
  • OAuth 1.0 (and variations)
  • Basic authentication
  • API key or secret

As part of this step, you provide Workato with the permission to access data from the app. The exact permissions granted to Workato usually correspond with the permissions of the connected app user.

For more information on connecting to a specific app, refer to the specific connector documentation.

# Example: Authentication flow for Salesforce

The following recipe requires both Salesforce and a Zendesk connection, both of which use OAuth 2.0. The Connection tab within the recipe shows further details about the app connections.

Example recipe Recipe syncing new/updated Salesforce accounts to Zendesk as organizations. Example recipe (opens new window)

The following shows the Connections tab. Zendesk is connected, but the Salesforce connector has no connection established yet.

Unconnected Salesforce Recipe without a Salesforce connection established

Clicking on the Connect button generates a popup that requests for Salesforce login credentials. Salesforce utilizes the standard OAuth 2.0 authentication flow, so usernames and passwords are provided only to Salesforce. Providing these credentials assure Salesforce that the user is giving permission for Workato to access their Salesforce data.

After you provide credentials, Salesforce appears as Connected. Now you can use this connection to create and run the recipe.

# Integration user

We recommend that you create a dedicated integration user account in the app to connect with Workato. Since this account is not associated with a human user, recipes will continue to run seamlessly if the recipe builder changes their login credentials or leaves the company. Additionally, it ensures Workato can access the necessary data to run a recipe and reduces the security risk of having to give a human user additional permissions than necessary for their role in the company.

Apps have different granularity when it comes to defining user roles and permissions. Refer to the specific connector documentation for more information on the required permissions.

# Using connections

Typically a company may only have a single instance of an app and they may have another instance for testing. Thus, a user would need just one connection for multiple recipes that work with the same app instance.

In cases where there are more than one app instance to connect to (such as when working with sandboxes and production organizations or teams), multiple connections should be created, with each connection authenticated with each separate instance.

Most Workato connectors allow only one connection to an app within a recipe. There are some connectors which allow you to work with two app instances within the same recipe.

Refer to secondary connectors to find out more.

# App connection errors

On occasions, app connections can become invalid due to several reasons:

  • app credentials were changed and the connection wasn't updated correspondingly in Workato
  • connected user doesn't have the right set of permissions to read/write selected records
  • permissions of the connected user was changed to a reduced scope

In such cases, reconnecting, or verifying that the connected user has permissions to read/write records used in the recipes should successfully re-establish the connection.

Design-time errors for app connection errors Design-time errors for app connection errors