API platform

The API platform APIs allow users to programmatically create and manage API Platform assets like endpoints, collections, clients, and access profiles.

API platform endpoints allow up to 10 requests per second.

DEPRECATION NOTICE

The following endpoints are scheduled for deprecation on December 1, 2025:

• List API clients
• Create an API client
• List access profiles
• Create an access profile
• Update an access profile
• Enable access profile
• Disable access profile
• Refresh token/secret

Migrate to the following endpoints before this date to avoid service interruptions:

• List API clients (v2)
• Create an API client (v2)
• List API keys
• Create an API key
• Update an API key
• Enable API key
• Disable API key
• Refresh API key secret

Quick reference

Type	Resource	Description
GET	/api/api_collections	List API collections. The endpoint returns the project_id of the project to which the collections belong in the response.
POST	/api/api_collections	Create an API collection within a project you specify.
GET	/api/api_endpoints	List API endpoints in a collection.
PUT	/api/api_endpoints/:api_endpoint_id/enable	Enable an API endpoint in a collection.
PUT	/api/api_endpoints/:api_endpoint_id/disable	Disable an API endpoint in a collection.
GET	/api/api_clients	List all API clients. We recommend that you migrate to the List API clients (v2) endpoint to prepare for future deprecation.
GET	/api/v2/api_clients	List all API clients. Workato includes the project_id of the project associated with the API client in the response.
POST	/api/api_clients	Create a new API client within a project you specify. We recommend that you migrate to the Create API client (v2) endpoint to prepare for future deprecation.
POST	/api/v2/api_clients	Create a new API client within a project you specify.
GET	/api/v2/api_clients/:api_client_id	Retrieve details of an API client by ID.
PUT	/api/v2/api_clients/:api_client_id	Update an existing API client within a project you specify.
DELETE	/api/v2/api_clients/:api_client_id	Delete an existing API client.
GET	/api/api_access_profiles	List access profiles for an API client. We recommend that you migrate to the List API keys endpoint to prepare for future deprecation.
GET	/api/v2/api_clients/:api_client_id/api_keys	List API keys for an API client.
POST	/api/api_access_profiles	Create an access profile for an API client. We recommend that you migrate to the Create API key endpoint to prepare for future deprecation.
POST	/api/v2/api_clients/:api_client_id/api_keys	Create an API key for an API client.
PUT	/api/api_access_profiles/:api_access_profile_id	Update an access profile for an API client. We recommend that you migrate to the Update API key endpoint to prepare for future deprecation.
PUT	/api/v2/api_clients/:api_client_id/api_keys/:api_key_id	Update an API key for an API client.
PUT	/api/api_access_profiles/ :api_access_profile_id/enable	Enable an access profile for an API client. We recommend that you migrate to the Enable API key endpoint to prepare for future deprecation.
PUT	/api/v2/api_clients/:api_client_id/ api_keys/:api_key_id/enable	Enable an API key for an API client.
PUT	/api/api_access_profiles/:api_access_profile_id/disable	Disable an access profile for an API client. We recommend that you migrate to the Disable API key endpoint to prepare for future deprecation.
PUT	/api/v2/api_clients/:api_client_id/ api_keys/:api_key_id/disable	Disable an API key for an API client.
PUT	/api/api_access_profiles/:access_profile_id/refresh_secret	Refresh the token or secret for an access profile. We recommend that you migrate to the Refresh API key secret endpoint to prepare for future deprecation.
PUT	/api/v2/api_clients/:api_client_id/ api_keys/:api_key_id/refresh_secret	Refresh the authentication token or OAuth 2.0 client secret for an API key.
DELETE	/api/v2/api_clients/:api_client_id/api_keys/:api_key_id	Delete an existing API key.
GET	/api/v2/api_portals	List all API portals associated with API clients in your workspace.

List API collections

List all API collections. The endpoint returns the project_id of the project to which the collections belong in the response.

GET /api/api_collections

Query parameters

Name	Type	Description
per_page	integer	Number of API collections to return in a single page. Defaults to 100. Max is 100.
page	integer	Page number of the API collections to fetch. Defaults to 1.

Response

[
    {
        "id": 1361,
        "name": "Quote to cash",
        "version": "1.0",
        "url": "https://api.peatql.io/quote-to-cash-v1",
        "api_spec_url": "https://www.workato.com/doc/service/quote-to-cash-v1/swagger?token=4cab5bdf2cebbe2b4ahjkc9ac175f60c",
        "created_at": "2020-06-15T22:20:15.327-07:00",
        "updated_at": "2020-06-15T22:20:15.327-07:00",
        "project_id": "523144"
    }
]

Create an API collection

Create an API collection within a project you specify.

POST /api/api_collections

Query parameters

Name	Type	Description
project_id	string required	The ID of a specific project. Retrieve a list of project IDs using the list projects endpoint.

Payload

Name	Type	Description
name	string required	Name of the collection

Sample request

curl  -X POST https://www.workato.com/api/api_collections?project_id=523144 \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Netsuite customers"
          }'

Response

{
    "id": 1391,
    "name": "Netsuite customers",
    "version": "1.0",
    "url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1",
    "api_spec_url": "https://www.workato.com/doc/service/netsuite-customers-v1/swagger?token=774513f8a712djkls90s7f5a3165eb96d",
    "created_at": "2020-07-31T08:24:31.439-07:00",
    "updated_at": "2020-07-31T08:24:31.439-07:00"
}

List API endpoints

Lists all API endpoints. Specify the api_collection_id to obtain the list of endpoints in a specific collection.

GET /api/api_endpoints

Query parameters

Name	Type	Description
api_collection_id	string	ID of the API collection. If the parameter is not provided, all API endpoints are returned.
per_page	integer	Number of API endpoints to return in a single page. Defaults to 100. Max is 100.
page	integer	Page number of the API endpoints to fetch. Defaults to 1.

Sample request

curl  -X GET 'https://www.workato.com/api/api_endpoints?api_collection_id=1391' \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

Response

[
  {
      "id": 9903,
      "api_collection_id": 1391,
      "flow_id": 39999,
      "name": "salesforce search",
      "method": "GET",
      "url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1/salesforce/search",
      "legacy_url": null,
      "base_path": "/abstergoi/netsuite-customers-v1/salesforce/search",
      "path": "salesforce/search",
      "active": false,
      "legacy": false,
      "created_at": "2020-08-05T05:59:55.991-07:00",
      "updated_at": "2020-08-05T05:59:55.991-07:00"
  }
]

Enable an API endpoint

Enables an API endpoint. The underlying recipe must be started to enable the API endpoint successfully.

PUT /api/api_endpoints/:api_endpoint_id/enable

Path parameters

Name	Type	Description
api_endpoint_id	string	ID of the API endpoint.

Sample request

curl  -X PUT https://www.workato.com/api/api_endpoints/1213/enable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

Disable an API endpoint

Disables an active API endpoint. The endpoint can no longer be called by a client.

PUT /api/api_endpoints/:api_endpoint_id/disable

Path parameters

Name	Type	Description
api_endpoint_id	string	ID of the API endpoint.

Sample request

curl  -X PUT https://www.workato.com/api/api_endpoints/1213/disable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

List API clients

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new List API clients (v2) endpoint before this date to ensure uninterrupted service.

List all API clients. This endpoint includes the project_id to which the API client belongs in the response.

GET /api/api_clients

Response

[
  {
      "id": 1255,
      "name": "Automation Inc.",
      "created_at": "2020-07-31T03:44:22.435-07:00",
      "updated_at": "2020-07-31T03:44:22.435-07:00",
      "project_id" : "523144"
  },
  {
      "id": 1890,
      "name": "Umbrella Corporation",
      "created_at": "2020-07-31T03:44:22.435-07:00",
      "updated_at": "2020-07-31T03:44:22.435-07:00",
      "project_id": "423455"
  }
]

List API clients (v2)

List all API clients. This endpoint includes the project_id of the API client in the response.

GET /api/v2/api_clients

Sample request

curl -X GET https://www.workato.com/api/v2/api_clients \
     -H 'Authorization: Bearer <api_token>'

Response

{
  "data": [
    {
      "id": 1,
      "name": "Test client",
      "description": "",
      "active_api_keys_count": 2,
      "total_api_keys_count": 2,
      "created_at": "2023-05-25T08:08:21.413-07:00",
      "updated_at": "2024-10-25T03:52:07.122-07:00",
      "logo": "https://s3-48296.alexv.awstf.workato.com/paperclip/api_customers/logos/000/000/001/small/psyduck.png?1729853526",
      "logo_2x": "https://s3-48296.alexv.awstf.workato.com/paperclip/api_customers/logos/000/000/001/medium/psyduck.png?1729853526",
      "is_legacy": true,
      "api_policies": [
        {
          "id": 2,
          "name": "Internal – Admins"
        }
      ],
      "api_collections": [
        {
          "id": 1,
          "name": "Echo collection"
        },
        {
          "id": 2,
          "name": "Proxy"
        },
        {
          "id": 4,
          "name": "Proxy to Alex's API collection"
        },
        {
          "id": 6,
          "name": "San Sanych"
        }
      ]
    }
  ],
  "count": 1,
  "page": 1,
  "per_page": 100
}

Create an API client

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Create an API client (v2) endpoint before this date to ensure uninterrupted service.

Create a new API client within a project you specify.

POST /api/api_clients

Query parameters

Name	Type	Description
project_id	string required	The ID of a specific project. Retrieve a list of project IDs by using the list projects endpoint.

Payload

Name	Type	Description
name	string required	Name of the client.

Sample request

curl  -X POST https://www.workato.com/api/api_clients?project_id=523144 \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Automation Inc.",
          }'

Response

{
    "id": 1255,
    "name": "Automation Inc.",
    "created_at": "2020-07-31T03:44:22.435-07:00",
    "updated_at": "2020-07-31T03:44:22.435-07:00"
}

Create an API client (v2)

Create a new API client within a project you specify.

POST /api/v2/api_clients

Payload

Name	Type	Description
name	string required	Name of the client.
description	string optional	Description of the client.
project_id	integer optional	ID of the project to create the client in, if applicable.
api_portal_id	integer conditional	The ID of the API portal to assign the client, if applicable. Required when the email field is provided in the request payload.
email	string conditional	Email address for the client. Required if api_portal_id exists.
api_collection_ids	array required	IDs of API collections to assign to the client.
api_policy_id	integer optional	ID of the API policy to apply.
auth_type	string required	Authentication method to validate requests. Supported types include token, jwt, oauth2 and oidc.
jwt_method	string conditional	The JWT signing method. Required when auth_type is jwt. Supported methods include hmac (HMAC) and rsa (RSA).
jwt_secret	string conditional	HMAC shared secret or RSA public key. Required when auth_type is jwt.
oidc_issuer	string conditional	Discovery URL for the OIDC identity provider. Specify this or oidc_jwks_uri when auth_type is jwt or oidc.
oidc_jwks_uri	string conditional	JWKS URL for the OIDC identity provider. Specify this or oidc_issuer when auth_type is jwt or oidc.
access_profile_claim	string conditional	JWT claim key used to identify the access profile. Applicable when auth_type is jwt or oidc. Learn more.
required_claims	array conditional	List of claims to enforce. Applicable when auth_type is jwt or oidc.
allowed_issuers	array conditional	List of issuers (iss claim) to allow. If the iss claim is enforced in required_claims, leave this blank to allow any issuer. Applicable when auth_type is jwt or oidc.

Sample request

curl -X POST https://www.workato.com/api/v2/api_clients \
     -H 'Authorization: Bearer <api_token>' \
     -H 'Content-Type: application/json' \
     -d '{
            "name": "Automation Inc.",
            "description": "API client for Product Catalog",
            "api_collection_ids": [6883],
            "api_portal_id": 37,
            "auth_type": "token",
            "api_policy_id": 1,
            "email": "[email protected]"
        }'

Response

{
    "data": {
        "id": 42116,
        "name": "Automation Inc.",
        "description": "API client for Product Catalog",
        "active_api_keys_count": 0,
        "total_api_keys_count": 0,
        "created_at": "2025-02-12T08:36:51.748+05:30",
        "updated_at": "2025-02-12T08:36:51.748+05:30",
        "is_legacy": false,
        "email": "[email protected]",
        "auth_type": "token",
        "api_collections": [
            {
                "id": 6883,
                "name": "Product Catalog"
            }
        ]
    }
}

Get API client

Retrieve details of an API client by ID.

GET /api/v2/api_clients/:api_client_id

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client to retrieve.

Sample request

curl -X GET https://www.workato.com/api/v2/api_clients/42116 \
     -H 'Authorization: Bearer <api_token>'

Response

{
    "data": {
        "id": 42116,
        "name": "Automation Inc.",
        "description": "API client for Product Catalog",
        "active_api_keys_count": 0,
        "total_api_keys_count": 0,
        "created_at": "2025-02-12T08:36:51.748+05:30",
        "updated_at": "2025-02-12T08:36:51.748+05:30",
        "is_legacy": false,
        "email": "[email protected]",
        "auth_type": "token",
        "api_collections": [
            {
                "id": 6883,
                "name": "Product Catalog"
            }
        ],
        "api_keys": []
    }
}

Update API client

Update an existing API client within a project you specify.

PUT /api/v2/api_clients/:api_client_id

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client to update.

Payload

Name	Type	Description
name	string required	Updated name of the client.
description	string optional	Updated description of the client.
project_id	integer optional	Updated project ID associated with the client.
email	string optional	Updated email address for the client.
api_collection_ids	array required	Updated list of API collections assigned to the client.
api_policy_id	integer required	Updated API policy ID.
jwt_method	string conditional	Updated JWT signing method. Required when auth_type is jwt. Supported methods include hmac (HMAC) and rsa (RSA).
jwt_secret	string conditional	Updated HMAC shared secret or RSA public key. Required when auth_type is jwt.
oidc_issuer	string conditional	Updated discovery URL for the OIDC identity provider. Specify this or oidc_jwks_uri when auth_type is jwt or oidc.
oidc_jwks_uri	string conditional	Updated JWKS URL for the OIDC identity provider. Specify this or oidc_issuer when auth_type is jwt or oidc.
access_profile_claim	string conditional	Updated JWT claim key used to identify the access profile. Applicable when auth_type is jwt or oidc. Learn more.
required_claims	array conditional	Updated list of claims to enforce. Applicable when auth_type is jwt or oidc.
allowed_issuers	array conditional	Updated list of issuers (iss claim) to allow. If the iss claim is enforced in required_claims, leave this blank to allow any issuer. Applicable when auth_type is jwt or oidc.

Sample request

curl -X PUT https://www.workato.com/api/v2/api_clients/42116 \
     -H 'Authorization: Bearer <api_token>' \
     -H 'Content-Type: application/json' \
     -d '{
           "name": "Mustard Inc.",
           "description": "API client for Automation workflows"
         }'

Response

{
    "data": {
        "id": 42116,
        "name": "Mustard Inc.",
        "description": "API client for Automation workflows",
        "active_api_keys_count": 0,
        "total_api_keys_count": 0,
        "created_at": "2025-02-12T08:36:51.748+05:30",
        "updated_at": "2025-02-12T08:40:27.607+05:30",
        "is_legacy": false,
        "email": "[email protected]",
        "auth_type": "token",
        "api_collections": [
            {
                "id": 6883,
                "name": "1"
            }
        ],
        "api_keys": []
    }
}

Delete API client

Delete an existing API client.

DELETE /api/v2/api_clients/:api_client_id

Sample request

curl -X DELETE 'https://www.workato.com/api/v2/api_clients/42116' \
     -H 'Authorization: Bearer <api_token>'

Response

{
    "success": true
}

List access profiles

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new List API keys endpoint before this date to ensure uninterrupted service.

List all access profiles for an API client. If you don't provide an API client ID, this endpoint returns access profiles for all API clients.

GET /api/api_access_profiles

Query parameters

Name	Type	Description
api_client_id	string	Provide an API client ID to retrieve access profiles belonging to a specific API client.
per_page	integer	Number of access profiles returned in a single page. Defaults to 100. Max is 100.
page	integer	Choose the page of access profiles to return. The starting page is 1. Defaults to 1.

Sample request

curl  -X GET 'https://www.workato.com/api/api_access_profiles?api_client_id=933084' \
      -H 'Authorization: Bearer <api_token>'

Response

[
  {
    "id": 942738,
    "name": "Sales API Profile",
    "api_client_id": 933804,
    "api_collection_ids": [
      791245,
      785457,
      785404
    ],
    "active": true,
    "auth_type": "token",
    "created_at": "2023-11-07T19:39:04.294-05:00",
    "updated_at": "2023-11-07T19:39:04.294-05:00"
  },
  {
    "id": 942709,
    "name": "Purchases API Profile",
    "api_client_id": 933804,
    "api_collection_ids": [
      726374,
      743721,
      776384
    ],
    "active": true,
    "auth_type": "token",
    "created_at": "2023-11-07T18:48:19.908-05:00",
    "updated_at": "2023-11-07T18:48:19.908-05:00"
  }
]

List API keys

Retrieve all API keys for an API client. Provide the api_client_id parameter to filter keys for a specific client. If you don’t provide the api_client_id parameter, the endpoint returns API keys for all clients.

GET /api/v2/api_clients/:api_client_id/api_keys

Path parameters

Name	Type	Description
api_client_id	string optional	Filter API keys for a specific API client.

Sample request

curl  -X GET 'https://www.workato.com/api/v2/api_clients/933084/api_keys' \
      -H 'Authorization: Bearer <api_token>'

Response

{
    "data": [
        {
            "id": 17,
            "name": "Heat",
            "auth_type": "token",
            "ip_allow_list": [],
            "ip_deny_list": [
                "192.168.0.1"
            ],
            "active": true,
            "active_since": "2025-02-04T18:57:35-08:00",
            "auth_token": "dda2"
        }
    ],
    "count": 1,
    "page": 1,
    "per_page": 100
}

Create an access profile

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Create an API key endpoint before this date to ensure uninterrupted service.

Create an access profile for an API client. To use this endpoint, the workspace must contain at least one API collection to assign to the access profile.

The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).

• Auth token authorization will return the auth token in the secret response
• JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
• OAuth 2.0 authorization will return the client ID and secret in oauth_client_id and oauth_client secret

POST /api/api_access_profiles

Query parameters

Name	Type	Description
api_client_id	string	ID of the API client.

Payload

Name	Type	Description
name	string required	Name of the access profile
api_collection_ids	array required	IDs of collections to add to the access profile
active	boolean required	Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs.
auth_type	string required	Authentication method to validate requests. Available types are: token, jwt, oauth2 and oidc.
jwt_method	string	The JWT signing method. If the auth_type is jwt, this is required. Available methods are hmac and rsa for HMAC and RSA respectively.
ip_allow_list	array	List of IP addresses to be allowlisted
jwt_secret	string	Based on the method, specify the HMAC shared secret or the RSA public key.
oidc_issuer	string conditional	Discovery URL of identity provider or OIDC service. Provide only one of this or oidc_jwks_uri, not both. Only application if auth_type is jwt or oidc.
oidc_jwks_uri	string conditional	JWKS URL of identity provider or OIDC service. Provide only one of this or oidc_issuer, not both. Only application if auth_type is jwt or oidc.
access_profile_claim	string conditional	If you wish to use a custom claim to identify this access profile, provide the JWT claim key here. Learn more Only application if auth_type is jwt or oidc.
required_claims	array conditional	Provide a list of claims that you wish to enforce.Only application if auth_type is jwt or oidc.
allowed_issuers	array conditional	Provide a list of issuers (iss value in JWT claims) that you wish to allow. Leave If iss claim is enforced in required_claims, leave this blank to require any iss value. Only application if auth_type is jwt or oidc.

Sample request (Auth token)

curl  -X POST 'https://www.workato.com/api/api_access_profiles?api_client_id=1255'\
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
  	          "name": "Sales team",
  	          "api_collection_ids": [1391, 1388],
              "auth_type": "token",
  	          "active": true,
              "ip_allow_list": ["192.168.0.1", "192.168.0.0/20"]
           }'

Sample request (JWT RSA)

curl  -X POST 'https://www.workato.com/api/api_access_profiles?api_client_id=1255'\
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
	           "name": "HMAC API",
	           "api_collection_ids": [1391, 1388],
	           "auth_type": "jwt",
	           "jwt_method": "rsa",
	           "jwt_secret": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ngjihh5hXDRe0c1qPNc\nrF7RIoAG/iNZXruTspeX8e2auMBXTwVI0sLgwUo26lMXCRAvC004JWKugzh1UHXY\nsjmtwZFRznqhb/ojJDi785+zbmVNLWmbIB/ChBUyckBSExsmR0nOpQhiW0przr2J\ncQIDAQAB\n-----END PUBLIC KEY-----",
	           "active": true
           }'

Response (Auth token)

{
    "id": 26985,
    "name": "New test",
    "api_client_id": 1255,
    "api_collection_ids": [
        1395
    ],
    "active": true,
    "auth_type": "token",
    "jwt_method": null,
    "jwt_secret": null,
    "oauth_client_id": null,
    "oauth_client_secret": null,
    "secret": "e3a1ce1d46c4hjk8kfj26781c6ed3073312451ee0990035bf8a4bc90c2a2",
    "created_at": "2020-08-12T08:03:05.492-07:00",
    "updated_at": "2020-08-12T08:03:05.492-07:00"
}

Create an API key

Create a new API key for an API client.

POST /api/v2/api_clients/:api_client_id/api_keys

Path parameters

Name	Type	Description
api_client_id	string required	Specify the ID of the API client to create the API key for.

Payload

Name	Type	Description
name	string required	Name of the API key.
active	boolean required	Indicates whether the API key is enabled or disabled. Disabled keys cannot call any APIs.
ip_allow_list	array optional	List of IP addresses to add to the allowlist.
ip_deny_list	array optional	List of IP addresses to deny requests from.

Sample request

curl  -X POST 'https://www.workato.com/api/v2/api_clients/933084/api_keys' \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Automation Inc.",
            "active": true,
            "ip_allow_list": ["8.8.8.8/24"],
            "ip_deny_list": ["192.168.0.0/16"]
          }'

Response

{
    "data": {
        "id": 37326,
        "name": "Automation Inc.",
        "auth_type": "token",
        "ip_allow_list": ["8.8.8.8/24"],
        "ip_deny_list": ["192.168.0.0/16"],
        "active": true,
        "active_since": "2025-02-12T08:41:44+05:30",
        "auth_token": "72b378def0c1d83e6a015e654a744c380655565a68c591cf9f3598d0d14bdb5f"
    }
}

Update an access profile

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Update an API key endpoint before this date to ensure uninterrupted service.

Update an access profile for an API client.

The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).

• Auth token authorization will return the auth token in the secret response
• JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
• OAuth 2.0 authorization will return the client ID and secret in oauth_client_id and oauth_client secret

PUT /api/api_access_profiles/:api_access_profile_id

Path parameters

Name	Type	Description
api_access_profile_id	string required	API access profile ID.

Payload

Name	Type	Description
name	string required	Existing/Updated name of the access profile
api_collection_ids	array required	Existing/updated API collection IDs to be configured for the access profile
active	boolean required	Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs.
auth_type	string required	Authentication method to validate requests. Available types are: token, jwt, oauth2 and oidc.
ip_allow_list	array	List of IP addresses to be allowlisted
jwt_method	string	The JWT signing method. If the auth_type is jwt, this is required. Available methods are hmac and rsa for HMAC and RSA respectively.
jwt_secret	string	Based on the method, specify the HMAC shared secret or the RSA public key.
oidc_issuer	string conditional	Discovery URL of identity provider or OIDC service. Provide only one of this or oidc_jwks_uri, not both. Only application if auth_type is jwt or oidc.
oidc_jwks_uri	string conditional	JWKS URL of identity provider or OIDC service. Provide only one of this or oidc_issuer, not both. Only application if auth_type is jwt or oidc.
access_profile_claim	string conditional	If you wish to use a custom claim to identify this access profile, provide the JWT claim key here. Learn more Only application if auth_type is jwt or oidc.
required_claims	array conditional	Provide a list of claims that you wish to enforce.Only application if auth_type is jwt or oidc.
allowed_issuers	array conditional	Provide a list of issuers (iss value in JWT claims) that you wish to allow. Leave If iss claim is enforced in required_claims, leave this blank to require any iss value. Only application if auth_type is jwt or oidc.

Sample request (Auth token)

curl  -X PUT 'https://www.workato.com/api/api_access_profiles/27894'\
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
  	          "name": "Sales team",
  	          "api_collection_ids": [1391, 1388],
              "auth_type": "token",
  	          "active": true,
              "ip_allow_list": ["192.168.0.1", "192.168.0.0/20"]
           }'

Update an API key

Update an existing API key for an API client.

PUT /api/v2/api_clients/:api_client_id/api_keys/:api_key_id

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client associated with the API key.
api_key_id	string required	ID of the API key to update.

Payload

Name	Type	Description
name	string optional	Updated name of the API key.
ip_allow_list	array optional	Updated list of IP addresses to allow requests from.
ip_deny_list	array optional	Updated list of IP addresses to deny requests from.

Sample request

curl  -X PUT 'https://www.workato.com/api/v2/api_clients/933084/api_keys/2454' \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
              "name": "Mustard Inc.",
              "ip_allow_list": ["8.8.8.8/24"],
              "ip_deny_list": ["192.168.0.0/16"]
          }'

Response

{
    "data": {
        "id": 37326,
        "name": "Mustard Inc.",
        "auth_type": "token",
        "ip_allow_list": ["8.8.8.8/24"],
        "ip_deny_list": ["192.168.0.0/16"],
        "active": false,
        "active_since": "2025-02-12T08:41:44+05:30",
        "auth_token": "db5f"
    }
}

Enable an access profile

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Enable an API key endpoint before this date to ensure uninterrupted service.

Enable an access profile belonging to an API client. Enabling an access profile will allow API calls to be accepted with the enabled profile.

This call returns success or error messages for Unauthorized/Bad requests.

PUT /api/api_access_profiles/:api_access_profile_id/enable

Path parameters

Name	Type	Description
api_access_profile_id	string required	ID of the access profile.

Sample request (Auth token)

curl  -X PUT https://www.workato.com/api/api_access_profiles/1213/enable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

Enable API key

Enable an API key for an API client.

PUT /api/v2/api_clients/:api_client_id/api_keys/:api_key_id/enable

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client that owns the API key.
api_key_id	string required	ID of the API key to enable.

Sample request

curl  -X PUT 'https://www.workato.com/api/v2/api_clients/933084/api_keys/2454/enable' \
      -H 'Authorization: Bearer <api_token>'

Response

{
    "success": true
}

Disable an access profile

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Disable an API key endpoint before this date to ensure uninterrupted service.

Disable an access profile belonging to an API client. Disabling an access profile will stop allowing API calls to be accepted with the access profile.

This call returns success or error messages for Unauthorized/Bad requests.

PUT /api/api_access_profiles/:api_access_profile_id/disable

Path parameters

Name	Type	Description
api_access_profile_id	string required	ID of the access profile.

Sample request (Auth token)

curl  -X PUT https://www.workato.com/api/api_access_profiles/1213/disable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

Disable API key

Disable an API key for an API client.

PUT /api/v2/api_clients/:api_client_id/api_keys/:api_key_id/disable

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client that owns the API key.
api_key_id	string required	ID of the API key to disable.

Sample request

curl  -X PUT 'https://www.workato.com/api/v2/api_clients/933084/api_keys/2454/disable' \
      -H 'Authorization: Bearer <api_token>'

Response

{
    "success": true
}

Refresh token/secret

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Refresh API key secret endpoint before this date to ensure uninterrupted service.

Refreshes the auth token or OAuth 2.0 client secret. This endpoint will fail if the authorization type on the access profile is JWT.

The response returned depends on the authorization type of the access profile (Auth token or OAuth 2.0).

• Auth token authorization will return a new auth token in the secret response
• OAuth 2.0 authorization will return a new client ID and secret in oauth_client_id and oauth_client secret

PUT /api/api_access_profiles/:access_profile_id/refresh_secret

Path parameters

Name	Type	Description
access_profile_id	string required	API access profile ID

Response (Auth token)

{
    "id": 26962,
    "name": "Sales team",
    "api_client_id": 1255,
    "api_collection_ids": [
        1391
    ],
    "active": true,
    "auth_type": "token",
    "jwt_method": null,
    "jwt_secret": null,
    "oauth_client_id": null,
    "oauth_client_secret": null,
    "secret": "xxxxxxxxxxx",
    "created_at": "2020-07-31T09:10:03.310-07:00",
    "updated_at": "2020-08-05T06:08:46.290-07:00"
}

Refresh API key secret

Refresh the authentication token or OAuth 2.0 client secret for an API key.

PUT /api/v2/api_clients/:api_client_id/api_keys/:api_key_id/refresh_secret

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client that owns the API key.
api_key_id	string required	ID of the API key to refresh.

Sample request

curl  -X PUT 'https://www.workato.com/api/v2/api_clients/933084/api_keys/3455/refresh_secret' \
      -H 'Authorization: Bearer <api_token>'

Response

{
    "data": {
        "id": 37326,
        "name": "Mustard Inc.",
        "auth_type": "token",
        "ip_allow_list": ["8.8.8.8/24"],
        "ip_deny_list": ["192.168.0.0/16"],
        "active": true,
        "active_since": "2025-02-12T08:44:37+05:30",
        "auth_token": "572d581d91860a7c6372e9390699e26ac5917ac2520e1a917fba43b56d11edbe"
    }
}

Delete API key

Delete an API key for an API client.

DELETE /api/v2/api_clients/:api_client_id/api_keys/:api_key_id

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client associated with the API key.
api_key_id	string required	ID of the API key to delete.

Sample request

curl -X DELETE 'https://www.workato.com/api/v2/api_clients/933084/api_keys/3455' \
     -H 'Authorization: Bearer <api_token>'

Response

{
    "success": true
}

List API portals

List all API portals associated with API clients in your workspace.

GET /api/v2/api_portals

Sample request

curl  -X GET 'https://www.workato.com/api/v2/api_portals' \
      -H 'Authorization: Bearer <api_token>'

Response

{
    "data": [
        {
            "id": 37,
            "user_id": 14487,
            "name": "IDEA Lifestyle",
            "subdomain": "idea",
            "brand_color": "#371093",
            "api_collection_ids": [
                6882
            ],
            "created_at": "2024-12-13T08:46:37.125+05:30",
            "updated_at": "2025-02-10T14:10:21.440+05:30",
            "logo": "https://workato-staging-assets.s3.amazonaws.com/api_portal/models/portals/logos/000/000/037/small/007.png?1734059797",
            "logo_2x": "https://workato-staging-assets.s3.amazonaws.com/api_portal/models/portals/logos/000/000/037/medium/007.png?1734059797"
        }
    ],
    "count": 1,
    "page": 1,
    "per_page": 100
}