Product UpdatesStatus PageAutomation Institute
English
Get a trial
Embedded API
Resources

# API platform

The API platform APIs allow users to programmatically create and manage API platform assets like endpoints, collections, clients, and access profiles.

All endpoints listed here are Embedded Vendor APIs and require the oem_vendor privilege. The API platform feature is available to customers on specific pricing plans and should be enabled in both the partner admin and customer workspaces. Contact your Workato representative to enable these privileges.

RATE LIMIT

API platform endpoints allow up to 10 requests per second.

For Embedded partners looking to enable API platform for their customers, use this guide for more information.

DEPRECATION NOTICE

The following endpoints are scheduled for deprecation on December 1, 2025:

Migrate to the following endpoints before this date to avoid service interruptions:

# Quick reference

Type Resource Description
GET /api/managed_users/:id/api_collections List API collections in a customer workspace. The endpoint returns the project_id of the project to which the collections belong in the response.
POST /api/managed_users/:id/api_collections Create an API collection in a customer workspace within a project you specify.
GET /api/managed_users/:id/api_endpoints List API endpoints in a collection.
PUT /api/managed_users/:id/
api_endpoints/:api_endpoint_id/enable		 Enable an API endpoint in a collection.
PUT /api/managed_users/:id/
api_endpoints/:api_endpoint_id/disable		 Disable an API endpoint in a collection.
GET /api/managed_users/:id/api_clients List all API clients in a customer workspace. Workato includes the project_id of the project associated with the API client in the response. We recommend that you migrate to the List API clients (v2) endpoint to prepare for future deprecation.
GET /api/v2/managed_users/:id/
api_clients		 List all API clients in a customer workspace. Workato includes the project_id of the project associated with the API client in the response.
POST /api/managed_users/:id/api_clients Create a new API client in a customer workspace within a project you specify. We recommend that you migrate to the Create API client (v2) endpoint to prepare for future deprecation.
POST /api/v2/managed_users/:id/
api_clients/api/v2/api_clients		 Create a new API client in a customer workspace within a project you specify.
GET /api/v2/managed_users/:id/
api_clients/:api_client_id		 Retrieve details of an API client in a customer workspace using its ID.
PUT /api/v2/managed_users/:id/
api_clients/:api_client_id		 Update an existing API client within a project you specify in a customer workspace.
DELETE /api/v2/managed_users/:id/
api_clients/:api_client_id		 Delete an existing API client in a customer workspace.
GET /api/managed_users/:id/
api_access_profiles?api_client_id=:client_id		 List access profiles for an API client in a customer workspace. We recommend that you migrate to the List API keys endpoint to prepare for future deprecation.
GET /api/v2/managed_users/:id/
api_clients/:api_client_id/api_keys		 List API keys for an API client in a customer workspace.
POST /api/managed_users/:id/api_access_profiles Create an access profile for an API client in a customer workspace. We recommend that you migrate to the Create API key endpoint to prepare for future deprecation.
POST /api/v2/managed_users/:id/
api_clients/:api_client_id/api_keys		 Create an API key for an API client in a customer workspace.
PUT /api/managed_users/:id/
api_access_profiles/:api_access_profile_id		 Update an access profile for an API client in a customer workspace. We recommend that you migrate to the Update API key endpoint to prepare for future deprecation.
PUT /api/v2/managed_users/:id/
api_clients/:api_client_id/api_keys/:api_key_id		 Update an API key for an API client in a customer workspace.
PUT /api/managed_users/:id/
api_access_profiles/:api_access_profile_id/enable		 Enable an access profile for an API client in a customer workspace. We recommend that you migrate to the Enable API key endpoint to prepare for future deprecation.
PUT /api/v2/managed_users/:id/
api_clients/:api_client_id/api_keys/:api_key_id/enable		 Enable an API key for an API client in a customer workspace.
PUT /api/managed_users/:id/
api_access_profiles/:api_access_profile_id/disable		 Disable an access profile for an API client in a customer workspace. We recommend that you migrate to the Disable API key endpoint to prepare for future deprecation.
PUT /api/v2/managed_users/:id/
api_clients/:api_client_id/api_keys/:api_key_id/disable		 Disable an API key for an API client in a customer workspace.
PUT /api/managed_users/:id/
api_access_profiles/:access_profile_id/refresh_secret		 Refresh an access profile's token or secret. We recommend that you migrate to the Refresh API key secret endpoint to prepare for future deprecation.
POST /api/v2/managed_users/:id/
api_clients/:api_client_id/api_keys/:api_key_id/refresh_secret		 Refresh the authentication token or OAuth 2.0 client secret for an API key in a customer workspace.
DELETE /api/v2/managed_users/:id/
api_clients/:api_client_id/api_keys/:api_key_id		 Delete an existing API key in a customer workspace.
GET /api/v2/managed_users/:id/
api_portals		 List all API portals associated with API clients in a customer workspace.

# Base path

For all the APIs above, the base path is /api/managed_users/:id where the customer ID is required in as a URL parameter.

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.

Example:

https://www.workato.com/api/managed_users/5454/api_collections

# List API collections

List all API collections in a customer workspace. This endpoint returns the project_id of the project to which the collections belong in the response.

GET /api/managed_users/:id/api_collections

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.

# Response

{
    "result": [
        {
            "id": 1388,
            "name": "Zuora sync",
            "version": "5",
            "url": "https://api.na.workato.com/abstergoi/created-collection-v5",
            "api_spec_url": "https://www.workato.com/doc/service/created-collection-v5/swagger?token=65989339c72899ahjk9fb173c657cf9511",
            "created_at": "2020-07-31T08:09:29.062-07:00",
            "updated_at": "2020-07-31T08:19:27.703-07:00",
            "project_id": "523144"
        }
    ]
}

# Create API collection

Create an API collection in a customer workspace within a project you specify.

POST /api/managed_users/:id/api_collections

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.

# Query parameters

Name Type Description
project_id string
required		 The ID of a specific project. Retrieve a list of project IDs using the list projects endpoint.

# Payload

Name Type Description
name string
required		 Name of the collection

# Sample request

curl  -X POST https://www.workato.com/api/managed_users/5454/api_collections?project_id=523144 \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Netsuite customers",
          }'

# Response

{
    "id": 1397,
    "name": "Netsuite customers",
    "version": "1.0",
    "url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1",
    "api_spec_url": "https://www.workato.com/doc/service/netsuite-customers-v1/swagger?token=774513f8a712djkls90s7f5a3165eb96d",
    "created_at": "2020-07-31T08:24:31.439-07:00",
    "updated_at": "2020-07-31T08:24:31.439-07:00"
}

# List API endpoints

Lists all API endpoints in a customer workspace. Specify the api_collection_id to obtain the list of endpoints in a specific collection.

GET /api/managed_users/:id/api_endpoints

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.

# Query parameters

Name Type Description
api_collection_id string
 ID of the API collection. If the parameter is not provided, all API endpoints are returned.

# Sample request

curl  -X GET 'https://www.workato.com/api/managed_users/5454/api_endpoints?api_collection_id=1391' \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

# Response

{
    "result": [
        {
            "id": 9903,
            "api_collection_id": 1391,
            "flow_id": 39999,
            "name": "salesforce search",
            "method": "GET",
            "url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1/salesforce/search",
            "legacy_url": null,
            "base_path": "/abstergoi/netsuite-customers-v1/salesforce/search",
            "path": "salesforce/search",
            "active": false,
            "legacy": false,
            "created_at": "2020-08-05T05:59:55.991-07:00",
            "updated_at": "2020-08-05T05:59:55.991-07:00"
        }
    ]
}

# Enable API endpoint

Enables an API endpoint. The underlying recipe must be started to enable the API endpoint successfully.

PUT /api/managed_users/:id/api_endpoints/:api_endpoint_id/enable

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_endpoint_id string
 ID of the API endpoint.

# Sample request

curl  -X GET https://www.workato.com/api/managed_users/5454/api_endpoints/1213/enable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

# Disable API endpoint

Disables an active API endpoint. The endpoint can no longer be called by a client.

PUT /api/managed_users/:id/api_endpoints/:api_endpoint_id/disable

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_endpoint_id string
 ID of the API endpoint.

# Sample request

curl  -X GET https://www.workato.com/api/managed_users/5454/api_endpoints/1213/disable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

# List API clients

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Migrate to the new List API clients (v2) endpoint before this date to ensure uninterrupted service.

List all API clients in a customer workspace. This endpoint includes the project_id to which the API client belongs in the response.

GET /api/managed_users/:id/api_clients

# Response

{
    "result": [
        {
            "id": 1255,
            "name": "Automation Inc.",
            "created_at": "2020-07-31T03:44:22.435-07:00",
            "updated_at": "2020-07-31T03:44:22.435-07:00",
            "project_id": "523144"
        },
        {
            "id": 1890,
            "name": "Umbrella Corporation",
            "created_at": "2020-07-31T03:44:22.435-07:00",
            "updated_at": "2020-07-31T03:44:22.435-07:00",
            "project_id": "423455"
        }
    ]
}

# List API clients (v2)

List all API clients in a customer workspace. This endpoint includes the project_id of the API client in the response.

GET /api/v2/managed_users/:id/api_clients

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.

# Sample request

curl -X GET 'https://www.workato.com/api/v2/managed_users/E12345/api_clients' \
     -H 'Authorization: Bearer <api_token>'

# Response

{
    "data": [
        {
            "id": 1,
            "name": "Test client",
            "description": "",
            "active_api_keys_count": 2,
            "total_api_keys_count": 2,
            "created_at": "2023-05-25T08:08:21.413-07:00",
            "updated_at": "2024-10-25T03:52:07.122-07:00",
            "logo": "https://s3-48296.devenv.awstf.workato.com/paperclip/api_customers/logos/000/000/001/small/psyduck.png?1729853526",
            "logo_2x": "https://s3-48296.devenv.awstf.workato.com/paperclip/api_customers/logos/000/000/001/medium/psyduck.png?1729853526",
            "is_legacy": true,
            "api_policies": [
                {
                    "id": 2,
                    "name": "Internal – Admins"
                }
            ],
            "api_collections": [
                {
                    "id": 1,
                    "name": "Echo collection"
                },
                {
                    "id": 2,
                    "name": "Proxy"
                },
                {
                    "id": 4,
                    "name": "Proxy to Vlad's API collection"
                },
                {
                    "id": 6,
                    "name": "San Sanych"
                }
            ]
        }
    ],
    "count": 1,
    "page": 1,
    "per_page": 100
}

# Create API client

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Create an API client (v2) endpoint before this date to ensure uninterrupted service.

Create a new API client in a customer workspace within a project you specify.

POST /api/managed_users/:id/api_clients

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.

# Query parameters

This endpoint does not require any query parameters.

# Payload

Name Type Description
name string
required		 Name of the client.

# Sample request

curl  -X POST https://www.workato.com/api/managed_users/5454/api_clients?project_id=523144 \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Automation Inc.",
          }'

# Response

{
    "id": 1255,
    "name": "Automation Inc.",
    "created_at": "2020-07-31T03:44:22.435-07:00",
    "updated_at": "2020-07-31T03:44:22.435-07:00"
}

# Create an API client (v2)

Create a new API client in a specified project in a customer workspace.

POST /api/v2/managed_users/:id/api_clients

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.

# Payload

Name Type Description
name string
required		 Name of the client.
description string
optional		 Description of the client.
project_id integer
optional		 ID of the project where you plan to create the client.
api_portal_id integer
conditional		 The ID of the API portal to assign the client, if applicable. Required when the email field is provided in the request payload.
email string
conditional		 Email address for the client. Required if api_portal_id exists.
api_collection_ids array
required		 IDs of API collections to assign to the client.
api_policy_id integer
optional		 ID of the API policy to apply.
auth_type string
required		 Authentication method to validate requests. Supported types include token, jwt, oauth2 and oidc.
jwt_method string
conditional		 The JWT signing method. Required when auth_type is jwt. Supported methods include hmac (HMAC) and rsa (RSA).
jwt_secret string
conditional		 HMAC shared secret or RSA public key. Required when auth_type is jwt.
oidc_issuer string
conditional		 Discovery URL for the OIDC identity provider. Specify this or oidc_jwks_uri when auth_type is jwt or oidc.
oidc_jwks_uri string
conditional		 JWKS URL for the OIDC identity provider. Specify this or oidc_issuer when auth_type is jwt or oidc.
access_profile_claim string
conditional		 JWT claim key used to identify the access profile. Applicable when auth_type is jwt or oidc. Learn more.
required_claims array
conditional		 List of claims to enforce. Applicable when auth_type is jwt or oidc.
allowed_issuers array
conditional		 List of issuers (iss claim) to allow. If the iss claim is enforced in required_claims, leave this blank to allow any issuer. Applicable when auth_type is jwt or oidc.

# Sample request

curl -X POST https://www.workato.com/api/v2/managed_users/E12345/api_clients \
     -H 'Authorization: Bearer <api_token>' \
     -H 'Content-Type: application/json' \
     -d '{
            "name": "Automation Inc.",
            "description": "API client for Product Catalog",
            "api_collection_ids": [6883],
            "api_portal_id": 37,
            "auth_type": "token",
            "api_policy_id": 1,
            "email": "[email protected]"
        }'

# Response

{
    "data": {
        "id": 42116,
        "name": "Automation Inc.",
        "description": "API client for Product Catalog",
        "active_api_keys_count": 0,
        "total_api_keys_count": 0,
        "created_at": "2025-02-12T08:36:51.748+05:30",
        "updated_at": "2025-02-12T08:36:51.748+05:30",
        "is_legacy": false,
        "email": "[email protected]",
        "auth_type": "token",
        "api_collections": [
            {
                "id": 6883,
                "name": "Product Catalog"
            }
        ]
    }
}

# Get API client

Retrieve details of an API client in a customer workspace using its ID.

GET /api/v2/managed_users/:id/api_clients/:api_client_id

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_client_id string
required		 ID of the API client to retrieve.

# Sample request

curl -X GET 'https://www.workato.com/api/v2/managed_users/E12345/api_clients/42116' \
     -H 'Authorization: Bearer <api_token>'

# Response

{
    "data": {
        "id": 42116,
        "name": "Automation Inc.",
        "description": "API client for Product Catalog",
        "active_api_keys_count": 0,
        "total_api_keys_count": 0,
        "created_at": "2025-02-12T08:36:51.748+05:30",
        "updated_at": "2025-02-12T08:36:51.748+05:30",
        "is_legacy": false,
        "email": "[email protected]",
        "auth_type": "token",
        "api_collections": [
            {
                "id": 6883,
                "name": "Product Catalog"
            }
        ],
        "api_keys": []
    }
}

# Update API client

Update an existing API client within a project you specify in a customer workspace.

PUT /api/v2/managed_users/:id/api_clients/:api_client_id

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_client_id string
required		 ID of the API client to update.

# Payload

Name Type Description
name string
required		 Updated name of the client.
description string
optional		 Updated description of the client.
project_id integer
optional		 Updated project ID associated with the client.
email string
optional		 Updated email address for the client.
api_collection_ids array
required		 Updated list of API collections assigned to the client.
api_policy_id integer
optional		 Updated API policy ID.
jwt_method string
conditional		 Updated JWT signing method. Required when auth_type is jwt. Supported methods include hmac (HMAC) and rsa (RSA).
jwt_secret string
conditional		 Updated HMAC shared secret or RSA public key. Required when auth_type is jwt.
oidc_issuer string
conditional		 Updated discovery URL for the OIDC identity provider. Specify this or oidc_jwks_uri when auth_type is jwt or oidc.
oidc_jwks_uri string
conditional		 Updated JWKS URL for the OIDC identity provider. Specify this or oidc_issuer when auth_type is jwt or oidc.
access_profile_claim string
conditional		 Updated JWT claim key used to identify the access profile. Applicable when auth_type is jwt or oidc. Learn more.
required_claims array
conditional		 Updated list of claims to enforce. Applicable when auth_type is jwt or oidc.
allowed_issuers array
conditional		 Updated list of issuers (iss claim) to allow. If the iss claim is enforced in required_claims, leave this blank to allow any issuer. Applicable when auth_type is jwt or oidc.

# Sample request

curl -X PUT 'https://www.workato.com/api/v2/managed_users/E12345/api_clients/42116' \
     -H 'Authorization: Bearer <api_token>' \
     -H 'Content-Type: application/json' \
     -d '{
           "name": "Mustard Inc.",
           "description": "API client for Automation workflows"
         }'

# Response

{
    "data": {
        "id": 42116,
        "name": "Mustard Inc.",
        "description": "API client for Automation workflows",
        "active_api_keys_count": 0,
        "total_api_keys_count": 0,
        "created_at": "2025-02-12T08:36:51.748+05:30",
        "updated_at": "2025-02-12T08:40:27.607+05:30",
        "is_legacy": false,
        "email": "[email protected]",
        "auth_type": "token",
        "api_collections": [
            {
                "id": 6883,
                "name": "1"
            }
        ],
        "api_keys": []
    }
}

# Delete API client

Delete an existing API client in a customer workspace.

DELETE /api/v2/managed_users/:managed_user_id/api_clients/:api_client_id

# Sample request

curl -X DELETE 'https://www.workato.com/api/v2/managed_users/12345/api_clients/42116' \
  -H 'Authorization: Bearer <api_token>'

# Response

{
    "success": true
}

# List access profiles

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new List API keys endpoint before this date to ensure uninterrupted service.

List all access profiles belonging to an API client in a customer workspace. If you don't provide an API client ID, the resource lists all access profiles for all API clients in the customer workspace.

GET /api/managed_users/:id/api_access_profiles?api_client_id=:client_id

# Path parameters

Name Type Description
id string
required		 Provide an Embedded customer ID or external ID to retrieve access profiles belonging to that customer workspace.
The External ID must be URL encoded and prefixed with an E (for example, EA2300).
api_client_id string
optional		 API client ID for the client that you plan to retrieve access profiles from.
api_token string
required		 The API token is the token for any API client in your Embedded API platform. You can create a new Embedded API platform API client in your admin account by going to Workspace access > API clients.

# Sample request

curl  -X GET 'https://www.workato.com/api/managed_users/4243/api_access_profiles?api_client_id=1255'\
      -H 'Authorization: Bearer <api_token>'

# Response


"result": [
    {
      "id": 31387,
      "name": "Financial API Client",
      "api_client_id": 4663,
      "api_collection_ids": [
        3574
      ],
      "active": true,
      "auth_type": "token",
      "created_at": "2023-11-21T09:58:30.980-09:00",
      "updated_at": "2023-11-21T09:58:30.980-09:00"
    }
  ]

# List API keys

Retrieve all API keys for an API client in a customer workspace. You can optionally provide the api_client_id parameter to filter API keys for a specific client. If you don’t provide the api_client_id parameter, the endpoint returns API keys for all clients in the customer workspace.

GET /api/v2/managed_users/:id/api_clients/:api_client_id/api_keys

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_client_id string
optional		 ID of the API client to filter API keys. If you don't specify the api_client_id in the request, the endpoint returns API keys for all clients in the workspace.

# Sample request

curl -X GET 'https://www.workato.com/api/v2/managed_users/E12345/api_clients/933084/api_keys' \
      -H 'Authorization: Bearer <api_token>'

# Response

{
    "data": [
        {
            "id": 17,
            "name": "Heat",
            "auth_type": "token",
            "ip_allow_list": [],
            "ip_deny_list": [
                "192.168.0.1"
            ],
            "active": true,
            "active_since": "2025-02-04T18:57:35-08:00",
            "auth_token": "dda2"
        }
    ],
    "count": 1,
    "page": 1,
    "per_page": 100
}

# Create access profile

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Create an API key endpoint before this date to ensure uninterrupted service.

Create an access profile belonging to an API client in a customer workspace. To use this endpoint, the customer workspace must have at least one API collection to assign to the access profile.

The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).

  • Auth token authorization will return the auth token in the secret response
  • JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
  • OAuth 2.0 authorization will return the client ID and secret in oauth_client_id and oauth_client secret
POST /api/managed_users/:id/api_access_profiles

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded. token jwt oauth2

# Query parameters

Name Type Description
api_client_id string
required		 API client ID.

# Payload

Name Type Description
name string
required		 Name of the access profile
api_collection_ids List of integers
required		 IDs of collections to add to the access profile
active boolean
required		 Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs.
auth_type string
required		 Authentication method to validate requests. Available options are: token, jwt and oauth2 for Auth token, JSON web token and OAuth 2.0 respectively.
jwt_method string The JWT signing method. If the auth_type is jwt, this is required. Available options are hmac and rsa for HMAC and RSA respectively.
jwt_secret string Based on the method, specify the HMAC shared secret or the RSA public key.

# Sample request (Auth token)

curl  -X POST 'https://www.workato.com/api/managed_users/4243/api_access_profiles?api_client_id=1255'\
      -H 'Authorization: Bearer <api_token>' \
      -d '{
  	          "name": "Sales team",
  	          "api_collection_ids": [1391, 1388],
              "auth_type": "token",
  	          "active": true
           }'

# Sample request (JWT HMAC)

curl  -X POST 'https://www.workato.com/api/managed_users/4243/api_access_profiles?api_client_id=1255'\
      -H 'Authorization: Bearer <api_token>' \
      -d '{
	           "name": "HMAC API",
	           "api_collection_ids": [1391, 1388],
	           "auth_type": "jwt",
	           "jwt_method": "rsa",
	           "jwt_secret": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ngjihh5hXDRe0c1qPNc\nrF7RIoAG/iNZXruTspeX8e2auMBXTwVI0sLgwUo26lMXCRAvC004JWKugzh1UHXY\nsjmtwZFRznqhb/ojJDi785+zbmVNLWmbIB/ChBUyckBSExsmR0nOpQhiW0przr2J\ncQIDAQAB\n-----END PUBLIC KEY-----",
	           "active": true
           }'

# Response (Auth token)

{
    "id": 26967,
    "name": "Sales team",
    "api_group_ids": [
        1391,
        1388
    ],
    "active": true,
    "auth_type": "token",
    "jwt_method": null,
    "jwt_secret": null,
    "oauth_client_id": null,
    "oauth_client_secret": null,
    "secret": "xxxxxxxxxxx",
    "created_at": "2020-07-31T09:48:55.337-07:00",
    "updated_at": "2020-07-31T09:48:55.337-07:00"
}

# Create an API key

Create an API key for an API client in a customer workspace.

POST /api/v2/managed_users/:id/api_clients/:api_client_id/api_keys

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_client_id string
required		 Provide the ID of the API client you plan to create the API key for.

# Payload

Name Type Description
name string
required		 Name of the API key.
active boolean
required		 Indicates whether the API key is enabled or disabled. Disabled keys cannot call any APIs.
ip_allow_list array
optional		 List of IP addresses to add to the allowlist.
ip_deny_list array
optional		 List of IP addresses to deny requests from.

# Sample request

curl -X POST 'https://www.workato.com/api/v2/managed_users/E12345/api_clients/933084/api_keys' \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Automation Inc.",
            "active": true,
            "ip_allow_list": ["8.8.8.8/24"],
            "ip_deny_list": ["192.168.0.0/16"]
          }'

# Response

{
    "data": {
        "id": 37326,
        "name": "Automation Inc.",
        "auth_type": "token",
        "ip_allow_list": ["8.8.8.8/24"],
        "ip_deny_list": ["192.168.0.0/16"],
        "active": true,
        "active_since": "2025-02-12T08:41:44+05:30",
        "auth_token": "72b378def0c1d83e6a015e654a744c380655565a68c591cf9f3598d0d14bdb5f"
    }
}

# Update access profile

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Update an API key endpoint before this date to ensure uninterrupted service.

Update an access profile belonging to an API client in a customer workspace.

The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).

  • Auth token authorization will return the auth token in the secret response
  • JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
  • OAuth 2.0 authorization will return the client ID and secret in oauth_client_id and oauth_client secret
PUT /api/managed_users/:id/api_access_profiles/:api_access_profile_id

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_access_profile_id string
required		 API access profile ID.

# Query parameters

Name Type Description
api_client_id string
required		 API client ID.

# Payload

Name Type Description
name string
required		 Name of the access profile
api_collection_ids string
required		 IDs of collections to add to the access profile
active boolean
required		 Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs.
auth_type string
required		 Authentication method to validate requests. Available options are: token, jwt and oauth2 for Auth token, JSON web token and OAuth 2.0 respectively.
jwt_method string The JWT signing method. If the auth_type is jwt, this is required. Available options are hmac and rsa for HMAC and RSA respectively.
jwt_secret string Based on the method, specify the HMAC shared secret or the RSA public key.

# Sample request (Auth token)

curl  -X PUT 'https://www.workato.com/api/managed_users/4243/api_access_profiles/178294?api_client_id=1255'\
      -H 'Authorization: Bearer <api_token>' \
      -d '{
  	          "name": "Sales team",
  	          "api_collection_ids": [1391, 1388],
              "auth_type": "token",
  	          "active": true
           }'

# Update an API key

Update an API key for an API client in a customer workspace.

PUT /api/v2/managed_users/:id/api_clients/:api_client_id/api_keys/:api_key_id

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_client_id string
required		 Specify the ID of the API client associated with the API key you plan to update.
api_key_id string
required		 ID of the API key to update.

# Payload

Name Type Description
name string
optional		 Updated name of the API key.
ip_allow_list array
optional		 Updated list of IP addresses to allow.
ip_deny_list array
optional		 Updated list of IP addresses to deny requests from.

# Sample request

curl -X PUT 'https://www.workato.com/api/v2/managed_users/E12345/api_clients/933084/api_keys/2454' \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
              "name": "Mustard Inc.",
              "ip_allow_list": ["8.8.8.8/24"],
              "ip_deny_list": ["192.168.0.0/16"]
          }'

# Response

{
    "data": {
        "id": 37326,
        "name": "Mustard Inc.",
        "auth_type": "token",
        "ip_allow_list": ["8.8.8.8/24"],
        "ip_deny_list": ["192.168.0.0/16"],
        "active": false,
        "active_since": "2025-02-12T08:41:44+05:30",
        "auth_token": "db5f"
    }
}

# Enable access profile

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Enable an API key endpoint before this date to ensure uninterrupted service.

Enable an access profile belonging to an API client in a customer workspace. Enabling an access profile allows API calls to be accepted with the enabled profile.

This call returns success or error messages for Unauthorized/Bad requests.

PUT /api/managed_users/:id/api_access_profiles/:api_access_profile_id/enable

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_access_profile_id string
required		 ID of the access profile.

# Sample request (Auth token)

curl  -X PUT https://www.workato.com/api/managed_users/1279482/api_access_profiles/1213/enable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

# Enable API key

Enable an API key for an API client in a customer workspace.

PUT /api/v2/managed_users/:id/api_clients/:api_client_id/api_keys/:api_key_id/enable

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_client_id string
required		 Specify the ID of the API client associated with the API key you plan to enable.
api_key_id string
required		 ID of the API key to enable.

# Sample request

curl -X PUT 'https://www.workato.com/api/v2/managed_users/E12345/api_clients/933084/api_keys/2454/enable' \
      -H 'Authorization: Bearer <api_token>'

# Response

{
    "success": true
}

# Disable access profile

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Disable an API key endpoint before this date to ensure uninterrupted service.

Disable an access profile belonging to an API client in a customer workspace. Disabling an access profile will stop allowing API calls to be accepted with the access profile.

This call returns success or error messages for Unauthorized/Bad requests.

PUT /api/managed_users/:id/api_access_profiles/:api_access_profile_id/disable

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_access_profile_id string
required		 ID of the access profile.

# Sample request (Auth token)

curl  -X PUT https://www.workato.com/api/managed_users/127894/api_access_profiles/1213/disable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

# Disable API key

Disable an API key for an API client in a customer workspace.

PUT /api/v2/managed_users/:id/api_clients/:api_client_id/api_keys/:api_key_id/disable

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_client_id string
required		 Specify the ID of the API client associated with the API key you plan to disable.
api_key_id string
required		 ID of the API key to disable.

# Sample request

curl -X PUT 'https://www.workato.com/api/v2/managed_users/E12345/api_clients/933084/api_keys/2454/disable' \
      -H 'Authorization: Bearer <api_token>'

# Response

{
    "success": true
}

# Refresh token/secret

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Refresh API key secret endpoint before this date to ensure uninterrupted service.

Refreshes the auth token or OAuth 2.0 client secret. This endpoint will fail if the authorization type on the access profile is JWT.

The response returned depends on the authorization type of the access profile (Auth token or OAuth 2.0).

  • Auth token authorization will return a new auth token in the secret response
  • OAuth 2.0 authorization will return a new client ID and secret in oauth_client_id and oauth_client secret
PUT /api/managed_users/:id/api_access_profiles/:access_profile_id/refresh_secret

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
access_profile_id string
required		 API access profile ID

# Response (Auth token)

{
    "id": 26962,
    "name": "Sales team",
    "api_client_id": 1255,
    "api_collection_ids": [
        1391
    ],
    "active": true,
    "auth_type": "token",
    "jwt_method": null,
    "jwt_secret": null,
    "oauth_client_id": null,
    "oauth_client_secret": null,
    "secret": "xxxxxxxxxxx",
    "created_at": "2020-07-31T09:10:03.310-07:00",
    "updated_at": "2020-08-05T06:08:46.290-07:00"
}

# Refresh API key secret

Refreshes the auth token or OAuth 2.0 client secret in a customer workspace.

PUT /api/v2/managed_users/:id/api_clients/:api_client_id/api_keys/:api_key_id/refresh_secret

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.
api_client_id string
required		 Specify the ID of the API client associated with the API key.
api_key_id string
required		 ID of the API key to refresh.

# Sample request

curl -X PUT 'https://www.workato.com/api/v2/managed_users/E12345/api_clients/933084/api_keys/3455/refresh_secret' \
      -H 'Authorization: Bearer <api_token>'

# Response

{
    "data": {
        "id": 3455,
        "name": "Mustard Inc.",
        "auth_type": "token",
        "ip_allow_list": ["8.8.8.8/24"],
        "ip_deny_list": ["192.168.0.0/16"],
        "active": true,
        "active_since": "2025-02-12T08:44:37+05:30",
        "auth_token": "572d581d91860a7c6372e9390699e26ac5917ac2520e1a917fba43b56d11edbe"
    }
}

# Delete API key

Delete an API key for an API client in a customer workspace.

DELETE /api/v2/managed_users/:managed_user_id/api_clients/:api_client_id/api_keys/:api_key_id

# Sample request

curl -X DELETE 'https://www.workato.com/api/v2/managed_users/12345/api_clients/933084/api_keys/3455' \
  -H 'Authorization: Bearer <api_token>'

# Response

{
    "success": true
}

# List API portals

List all API portals associated with API clients in a customer workspace.

GET /api/v2/managed_users/:id/api_portals

# Path parameters

Name Type Description
id string
required		 Embedded customer ID/external ID.
External ID must be prefixed with an E (for example, EA2300) and the resulting ID should be URL encoded.

# Sample request

curl -X GET 'https://www.workato.com/api/v2/managed_users/E12345/api_portals' \
      -H 'Authorization: Bearer <api_token>'

# Response

{
    "data": [
        {
            "id": 37,
            "user_id": 14487,
            "name": "IDEA Lifestyle",
            "subdomain": "idea",
            "brand_color": "#371093",
            "api_collection_ids": [
                6882
            ],
            "created_at": "2024-12-13T08:46:37.125+05:30",
            "updated_at": "2025-02-10T14:10:21.440+05:30",
            "logo": "https://workato-staging-assets.s3.amazonaws.com/api_portal/models/portals/logos/000/000/037/small/007.png?1734059797",
            "logo_2x": "https://workato-staging-assets.s3.amazonaws.com/api_portal/models/portals/logos/000/000/037/medium/007.png?1734059797"
        }
    ],
    "count": 1,
    "page": 1,
    "per_page": 100
}
Resources
Connections


Last updated: 2/24/2025, 6:52:34 AM

On this page