# API platform

The API platform APIs allow users to programmatically create and manage API platform assets like endpoints, collections, clients, and access profiles.

All endpoints listed here are Workato Embedded Vendor APIs and require the oem_vendor privilege. The API platform feature is also a feature add-on that should be enabled in the partner admin and customer accounts. Talk to your Workato representative to enable both privileges.

For Workato Embedded partners looking to enable API platform for their customer accounts, use this guide for more information.

# Quick reference

Type Resource Description
GET /api_collections List API collections in a customer account.
POST /api_collections Create API collection in a customer account.
GET /api_endpoints List API endpoints in a collection.
PUT /api_endpoints/:api_endpoint_id/enable Enable an API endpoint in a collection.
PUT /api_endpoints/:api_endpoint_id/disable Disable an API endpoint in a collection.
GET /api_clients List API clients in a customer account.
POST /api_clients Create API client in a customer account.
GET /api_access_profiles List access profiles belonging to an API client in a customer account.
POST /api_access_profiles Create an access profile belonging to an API client in a customer account.
PUT /api_access_profiles Update an access profile belonging to an API client in a customer account.
PUT /api_access_profiles/:api_access_profile_id/enable Enable an access profile belonging to an API client in a customer account.
PUT /api_access_profiles/:api_access_profile_id/disable Disable an access profile belonging to an API client in a customer account.
PUT /api_access_profiles/:access_profile_id/refresh_secret Refreshes access profile token or secret.

# Base path

For all the APIs above, the base path is /api/managed_users/:id where the customer account ID is required in as a URL parameter.

Name Type Description
id string
required
Workato Embedded customer Account ID/External ID.
External id should be prefixed with a E(eg: EA2300) and the resulting id should be URL encoded.

Example:

https://www.workato.com/api/managed_users/5454/api_collections

# List API collections

List all API collections in a customer account.

GET /api/managed_users/:id/api_collections

# Response

{
    "result": [
        {
            "id": 1388,
            "name": "Zuora sync",
            "version": "5",
            "url": "https://api.na.workato.com/abstergoi/created-collection-v5",
            "api_spec_url": "https://www.workato.com/doc/service/created-collection-v5/swagger?token=65989339c72899ahjk9fb173c657cf9511",
            "created_at": "2020-07-31T08:09:29.062-07:00",
            "updated_at": "2020-07-31T08:19:27.703-07:00"
        }
    ]
}

# Create API collection

Create an API collections in a customer account.

POST /api/managed_users/:id/api_collections

# Payload

Name Type Description
name string
required
Name of the collection

# Sample request

curl  -X POST https://www.workato.com/api/managed_users/5454/api_collections \
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Netsuite customers",
          }'

# Response

{
    "id": 1397,
    "name": "Netsuite customers",
    "version": "1.0",
    "url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1",
    "api_spec_url": "https://www.workato.com/doc/service/netsuite-customers-v1/swagger?token=774513f8a712djkls90s7f5a3165eb96d",
    "created_at": "2020-07-31T08:24:31.439-07:00",
    "updated_at": "2020-07-31T08:24:31.439-07:00"
}

# List API endpoints

Lists all API endpoints in a customer account. Specify the api_collection_id to obtain the list of endpoints in a specific collection.

GET /api/managed_users/:id/api_endpoints

# URL parameters

Name Type Description
api_collection_id string
ID of the API collection. If the parameter is not provided, all API endpoints are returned.

# Sample request

curl  -X GET 'https://www.workato.com/api/managed_users/5454/api_endpoints?api_collection_id=1391' \
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>' \
      -H 'Content-Type: application/json' \

# Response

{
    "result": [
        {
            "id": 9903,
            "api_collection_id": 1391,
            "flow_id": 39999,
            "name": "salesforce search",
            "method": "GET",
            "url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1/salesforce/search",
            "legacy_url": null,
            "base_path": "/abstergoi/netsuite-customers-v1/salesforce/search",
            "path": "salesforce/search",
            "active": false,
            "legacy": false,
            "created_at": "2020-08-05T05:59:55.991-07:00",
            "updated_at": "2020-08-05T05:59:55.991-07:00"
        }
    ]
}

# Enable API endpoint

Enables an API endpoint. The underlying recipe must be started in order to enable the API endpoint successfully.

PUT /api/managed_users/:id/api_endpoints/:api_endpoint_id/enable

# URL parameters

Name Type Description
api_endpoint_id string
ID of the API endpoint.

# Sample request

curl  -X GET https://www.workato.com/api/managed_users/5454/api_endpoints/1213/enable \
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>' \
      -H 'Content-Type: application/json' \

# Disable API endpoint

Disables an active API endpoint. The endpoint can no longer be called by a client.

PUT /api/managed_users/:id/api_endpoints/:api_endpoint_id/disable

# URL parameters

Name Type Description
api_endpoint_id string
ID of the API endpoint.

# Sample request

curl  -X GET https://www.workato.com/api/managed_users/5454/api_endpoints/1213/disable \
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>' \
      -H 'Content-Type: application/json' \

# List API clients

List all API clients in a customer account.

GET /api/managed_users/:id/api_clients

# Response

{
    "result": [
        {
            "id": 1255,
            "name": "Automation Inc.",
            "created_at": "2020-07-31T03:44:22.435-07:00",
            "updated_at": "2020-07-31T03:44:22.435-07:00"
        },
        {
            "id": 1890,
            "name": "Umbrella Corporation",
            "created_at": "2020-07-31T03:44:22.435-07:00",
            "updated_at": "2020-07-31T03:44:22.435-07:00"
        }
    ]
}

# Create API client

Create a new API client in a customer account.

POST /api/managed_users/:id/api_clients

# Payload

Name Type Description
name string
required
Name of the client

# Sample request

curl  -X POST https://www.workato.com/api/managed_users/5454/api_clients \
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Automation Inc.",
          }'

# Response

{
    "id": 1255,
    "name": "Automation Inc.",
    "created_at": "2020-07-31T03:44:22.435-07:00",
    "updated_at": "2020-07-31T03:44:22.435-07:00"
}

# List access profiles

List all access profiles belonging to an API client in a customer account.

GET /api/managed_users/:id/api_clients/:api_client_id/api_access_profiles

# URL parameters

Name Type Description
id string
required
Workato Embedded customer Account ID/External ID.
External id should be prefixed with a E(eg: EA2300) and the resulting id should be URL encoded. token jwt oauth2
api_client_id string
required
API client id

# Sample request

curl  -X GET 'https://www.workato.com/api/managed_users/4243/api_access_profiles?api_client_id=1255'\
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>'

# Response

{
    "id": 4676,
    "exteranl_id": "A298247",
    "name": "Customer A",
    "notification_email": "customer-a@a.com",
    "plan_id": "business_yearly",
    "in_trial": false,
    "created_at": "2019-07-11T10:08:41.693-07:00",
    "updated_at": "2019-07-11T10:22:35.132-07:00"
}

# Create access profile

Create an access profile belonging to an API client in a customer account. To use this endpoint, the customer account must have at least 1 API collection to assign to the access profile.

The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).

  • Auth token authorization will return the auth token in the secret response
  • JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
  • OAuth 2.0 authorization will return the client ID and secret in oauth_client_id and oauth_client secret
POST /api/managed_users/:id/api_clients/:api_client_id/api_access_profiles

# URL parameters

Name Type Description
id string
required
Workato Embedded customer Account ID/External ID.
External id should be prefixed with a E(eg: EA2300) and the resulting id should be URL encoded. token jwt oauth2
api_client_id string
required
API client id

# Payload

Name Type Description
name string
required
Name of the access profile
api_collection_ids string
required
IDs of collections to add to the access profile
active boolean
required
Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs.
auth_type string
required
Authentication method to validate requests. Available options are: token, jwt and oauth2 for Auth token, JSON web token and OAuth 2.0 respectively.
jwt_method string The JWT signing method. If the auth_type is jwt, this is required. Available options are hmac and rsa for HMAC and RSA respectively.
jwt_secret string Based on the method, specify the HMAC shared secret or the RSA public key.

# Sample request (Auth token)

curl  -X POST 'https://www.workato.com/api/managed_users/4243/api_access_profile?api_client_id=1255'\
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>'
      -d '{
  	          "name": "Sales team",
  	          "api_collection_ids": [1391, 1388],
              "auth_type": "token",
  	          "active": true
           }'

# Sample request (JWT HMAC)

curl  -X POST 'https://www.workato.com/api/managed_users/4243/api_access_profile?api_client_id=1255'\
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>'
      -d '{
	           "name": "HMAC API",
	           "api_collection_ids": [1391, 1388],
	           "auth_type": "jwt",
	           "jwt_method": "rsa",
	           "jwt_secret": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ngjihh5hXDRe0c1qPNc\nrF7RIoAG/iNZXruTspeX8e2auMBXTwVI0sLgwUo26lMXCRAvC004JWKugzh1UHXY\nsjmtwZFRznqhb/ojJDi785+zbmVNLWmbIB/ChBUyckBSExsmR0nOpQhiW0przr2J\ncQIDAQAB\n-----END PUBLIC KEY-----",
	           "active": true
           }'

# Response (Auth token)

{
    "id": 26967,
    "name": "Sales team",
    "api_group_ids": [
        1391,
        1388
    ],
    "active": true,
    "auth_type": "token",
    "jwt_method": null,
    "jwt_secret": null,
    "oauth_client_id": null,
    "oauth_client_secret": null,
    "secret": "xxxxxxxxxxx",
    "created_at": "2020-07-31T09:48:55.337-07:00",
    "updated_at": "2020-07-31T09:48:55.337-07:00"
}

# Update access profile

Update an access profile belonging to an API client in a customer account.

The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).

  • Auth token authorization will return the auth token in the secret response
  • JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
  • OAuth 2.0 authorization will return the client ID and secret in oauth_client_id and oauth_client secret
PUT /api/managed_users/:id/api_access_profiles/:api_access_profile_id

# Path parameters

Name Type Description
id string
required
Workato Embedded customer Account ID/External ID.
External id should be prefixed with a E(eg: EA2300) and the resulting id should be URL encoded.
api_access_profile_id string
required
API access profile ID.

# Query parameters

Name Type Description
api_client_id string
required
API client ID.

# Payload

Name Type Description
name string
required
Name of the access profile
api_collection_ids string
required
IDs of collections to add to the access profile
active boolean
required
Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs.
auth_type string
required
Authentication method to validate requests. Available options are: token, jwt and oauth2 for Auth token, JSON web token and OAuth 2.0 respectively.
jwt_method string The JWT signing method. If the auth_type is jwt, this is required. Available options are hmac and rsa for HMAC and RSA respectively.
jwt_secret string Based on the method, specify the HMAC shared secret or the RSA public key.

# Sample request (Auth token)

curl  -X PUT 'https://www.workato.com/api/managed_users/4243/api_access_profiles/178294?api_client_id=1255'\
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>'
      -d '{
  	          "name": "Sales team",
  	          "api_collection_ids": [1391, 1388],
              "auth_type": "token",
  	          "active": true
           }'

# Enable access profile

Enable an access profile belonging to an API client in a customer account. Enabling an access profile will allow API calls to be accepted with the enabled profile.

This call returns success or error messages for Unauthorized/Bad requests.

PUT /api/managed_users/:id/api_access_profiles/:api_access_profile_id/enable

# URL parameters

Name Type Description
api_access_profile_id string
required
ID of the access profile.

# Sample request (Auth token)

curl  -X PUT https://www.workato.com/api/managed_users/1279482/api_access_profiles/1213/enable \
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>' \
      -H 'Content-Type: application/json' \

# Disable access profile

Disable an access profile belonging to an API client in a customer account. Disabling an access profile will stop allowing API calls to be accepted with the access profile.

This call returns success or error messages for Unauthorized/Bad requests.

PUT /api/managed_users/:id/api_access_profiles/:api_access_profile_id/disable

# URL parameters

Name Type Description
api_access_profile_id string
required
ID of the access profile.

# Sample request (Auth token)

curl  -X PUT https://www.workato.com/api/managed_users/127894/api_access_profiles/1213/disable \
      -H 'x-user-email: <email>' \
      -H 'x-user-token: <token>' \
      -H 'Content-Type: application/json' \

# Refresh token/secret

Refreshes the auth token or OAuth 2.0 client secret. This endpoint will fail if the authorization type on the access profile is JWT.

The response returned depends on the authorization type of the access profile (Auth token or OAuth 2.0).

  • Auth token authorization will return a new auth token in the secret response
  • OAuth 2.0 authorization will return a new client ID and secret in oauth_client_id and oauth_client secret
PUT /api/managed_users/:id/api_access_profiles/:access_profile_id/refresh_secret

# URL parameters

Name Type Description
id string
required
Workato Embedded customer Account ID/External ID.
External id should be prefixed with a E(eg: EA2300) and the resulting id should be URL encoded.
access_profile_id string
required
API access profile ID

# Response (Auth token)

{
    "id": 26962,
    "name": "Sales team",
    "api_client_id": 1255,
    "api_collection_ids": [
        1391
    ],
    "active": true,
    "auth_type": "token",
    "jwt_method": null,
    "jwt_secret": null,
    "oauth_client_id": null,
    "oauth_client_secret": null,
    "secret": "xxxxxxxxxxx",
    "created_at": "2020-07-31T09:10:03.310-07:00",
    "updated_at": "2020-08-05T06:08:46.290-07:00"
}