API platform

The API platform APIs allow users to programmatically create and manage API Platform assets like endpoints, collections, clients, and access profiles.

API platform endpoints allow up to 10 requests per second.

DEPRECATION NOTICE

The following endpoints are scheduled for deprecation on December 1, 2025:

List API clients
Create an API client
List access profiles
Create an access profile
Update an access profile
Enable access profile
Disable access profile
Refresh token/secret

Migrate to the following endpoints before this date to avoid service interruptions:

List API clients (v2)
Create an API client (v2)
List API keys
Create an API key
Update an API key
Enable API key
Disable API key
Refresh API key secret

Rate limits

API platform resources have the following rate limits:

Quick reference

Type	Resource	Description
GET	/api/api_collections	List API collections. The endpoint returns the `project_id` of the project to which the collections belong in the response.
POST	/api/api_collections	Create an API collection within a project you specify.
GET	/api/api_endpoints	List API endpoints in a collection.
PUT	/api/api_endpoints/:api_endpoint_id/enable	Enable an API endpoint in a collection.
PUT	/api/api_endpoints/:api_endpoint_id/disable	Disable an API endpoint in a collection.
GET	/api/api_clients	List all API clients. We recommend that you migrate to the List API clients (v2) endpoint to prepare for future deprecation.
GET	/api/v2/api_clients	List all API clients. Workato includes the `project_id` of the project associated with the API client in the response.
POST	/api/api_clients	Create a new API client within a project you specify. We recommend that you migrate to the Create API client (v2) endpoint to prepare for future deprecation.
POST	/api/v2/api_clients	Create a new API client within a project you specify.
GET	/api/v2/api_clients/:api_client_id	Retrieve details of an API client by ID.
PUT	/api/v2/api_clients/:api_client_id	Update an existing API client within a project you specify.
DELETE	/api/v2/api_clients/:api_client_id	Delete an existing API client.
GET	/api/api_access_profiles	List access profiles for an API client. We recommend that you migrate to the List API keys endpoint to prepare for future deprecation.
GET	/api/v2/api_clients/:api_client_id/api_keys	List API keys for an API client.
POST	/api/api_access_profiles	Create an access profile for an API client. We recommend that you migrate to the Create API key endpoint to prepare for future deprecation.
POST	/api/v2/api_clients/:api_client_id/api_keys	Create an API key for an API client.
PUT	/api/api_access_profiles/:api_access_profile_id	Update an access profile for an API client. We recommend that you migrate to the Update API key endpoint to prepare for future deprecation.
PUT	/api/v2/api_clients/:api_client_id/api_keys/:api_key_id	Update an API key for an API client.
PUT	/api/api_access_profiles/ :api_access_profile_id/enable	Enable an access profile for an API client. We recommend that you migrate to the Enable API key endpoint to prepare for future deprecation.
PUT	/api/v2/api_clients/:api_client_id/ api_keys/:api_key_id/enable	Enable an API key for an API client.
PUT	/api/api_access_profiles/:api_access_profile_id/disable	Disable an access profile for an API client. We recommend that you migrate to the Disable API key endpoint to prepare for future deprecation.
PUT	/api/v2/api_clients/:api_client_id/ api_keys/:api_key_id/disable	Disable an API key for an API client.
PUT	/api/api_access_profiles/:access_profile_id/refresh_secret	Refresh the token or secret for an access profile. We recommend that you migrate to the Refresh API key secret endpoint to prepare for future deprecation.
PUT	/api/v2/api_clients/:api_client_id/ api_keys/:api_key_id/refresh_secret	Refresh the authentication token or OAuth 2.0 client secret for an API key.
DELETE	/api/v2/api_clients/:api_client_id/api_keys/:api_key_id	Delete an existing API key.
GET	/api/v2/api_portals	List all API portals associated with API clients in your workspace.
GET	/api/cert_bundles	List all certificate bundles.
POST	/api/cert_bundles	Create a new certificate bundle.
PUT	/api/cert_bundles/:certificate_bundle_id	Update a certificate bundle.
DELETE	/api/cert_bundles/:certificate_bundle_id	Delete a certificate bundle.
GET	/api/cert_bundles/:certificate_bundle_id/download	Download the certificate bundle PEM file.

List API collections

List all API collections. The endpoint returns the project_id of the project to which the collections belong in the response.

GET /api/api_collections

Query parameters

Name	Type	Description
per_page	integer	Number of API collections to return in a single page. Defaults to `100`. Max is `100`.
page	integer	Page number of the API collections to fetch. Defaults to `1`.

Response

json

[
    {
        "id": 1361,
        "name": "Quote to cash",
        "version": "1.0",
        "url": "https://api.peatql.io/quote-to-cash-v1",
        "api_spec_url": "https://www.workato.com/doc/service/quote-to-cash-v1/swagger?token=4cab5bdf2cebbe2b4ahjkc9ac175f60c",
        "created_at": "2020-06-15T22:20:15.327-07:00",
        "updated_at": "2020-06-15T22:20:15.327-07:00",
        "project_id": "523144"
    }
]

Create an API collection

Create an API collection within a project you specify.

POST /api/api_collections

Query parameters

Name	Type	Description
project_id	string required	The ID of a specific project. Retrieve a list of project IDs using the list projects endpoint.

Payload

Name	Type	Description
name	string required	Name of the collection

Sample request

shell

curl  -X POST https://www.workato.com/api/api_collections?project_id=523144 \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Netsuite customers"
          }'

Response

json

{
    "id": 1391,
    "name": "Netsuite customers",
    "version": "1.0",
    "url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1",
    "api_spec_url": "https://www.workato.com/doc/service/netsuite-customers-v1/swagger?token=774513f8a712djkls90s7f5a3165eb96d",
    "created_at": "2020-07-31T08:24:31.439-07:00",
    "updated_at": "2020-07-31T08:24:31.439-07:00"
}

List API endpoints

Lists all API endpoints. Specify the api_collection_id to obtain the list of endpoints in a specific collection.

GET /api/api_endpoints

Query parameters

Name	Type	Description
api_collection_id	string	ID of the API collection. If the parameter is not provided, all API endpoints are returned.
per_page	integer	Number of API endpoints to return in a single page. Defaults to `100`. Max is `100`.
page	integer	Page number of the API endpoints to fetch. Defaults to `1`.

Sample request

shell

curl  -X GET 'https://www.workato.com/api/api_endpoints?api_collection_id=1391' \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

Response

json

[
  {
      "id": 9903,
      "api_collection_id": 1391,
      "flow_id": 39999,
      "name": "salesforce search",
      "method": "GET",
      "url": "https://api.na.workato.com/abstergoi/netsuite-customers-v1/salesforce/search",
      "legacy_url": null,
      "base_path": "/abstergoi/netsuite-customers-v1/salesforce/search",
      "path": "salesforce/search",
      "active": false,
      "legacy": false,
      "created_at": "2020-08-05T05:59:55.991-07:00",
      "updated_at": "2020-08-05T05:59:55.991-07:00"
  }
]

Enable an API endpoint

Enables an API endpoint. You must start the associated recipe to enable the API endpoint successfully.

PUT /api/api_endpoints/:api_endpoint_id/enable

Path parameters

Name	Type	Description
api_endpoint_id	string	ID of the API endpoint.

Sample request

shell

curl  -X PUT https://www.workato.com/api/api_endpoints/1213/enable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

Disable an API endpoint

Disables an active API endpoint. The endpoint can no longer be called by a client.

PUT /api/api_endpoints/:api_endpoint_id/disable

Path parameters

Name	Type	Description
api_endpoint_id	string	ID of the API endpoint.

Sample request

shell

curl  -X PUT https://www.workato.com/api/api_endpoints/1213/disable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

List API clients

List all API clients. This endpoint includes the project_id to which the API client belongs in the response.

GET /api/api_clients

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new List API clients (v2) endpoint before this date to ensure uninterrupted service.

Response

json

[
  {
      "id": 1255,
      "name": "Automation Inc.",
      "created_at": "2020-07-31T03:44:22.435-07:00",
      "updated_at": "2020-07-31T03:44:22.435-07:00",
      "project_id" : "523144"
  },
  {
      "id": 1890,
      "name": "Umbrella Corporation",
      "created_at": "2020-07-31T03:44:22.435-07:00",
      "updated_at": "2020-07-31T03:44:22.435-07:00",
      "project_id": "423455"
  }
]

List API clients (v2)

List all API clients. This endpoint includes the project_id of the API client in the response.

GET /api/v2/api_clients

Query parameters

Name	Type	Description
project_id	string optional	The ID of a specific project. Retrieve a list of project IDs with the list projects endpoint.
page	integer optional	Page number. Defaults to 1.
per_page	integer optional	Page size. Defaults to 100. The maximum page size is 100.
cert_bundle_ids	array optional	Filter clients by certificate bundle IDs. Returns only clients associated with the specified certificate bundles.

Sample request

shell

curl -X GET https://www.workato.com/api/v2/api_clients \
     -H 'Authorization: Bearer <api_token>'

Response

json

{
  "data": [
    {
      "id": 1,
      "name": "Test client",
      "description": "",
      "active_api_keys_count": 2,
      "total_api_keys_count": 2,
      "created_at": "2023-05-25T08:08:21.413-07:00",
      "updated_at": "2024-10-25T03:52:07.122-07:00",
      "logo": "https://s3-48296.alexv.awstf.workato.com/paperclip/api_customers/logos/000/000/001/small/psyduck.png?1729853526",
      "logo_2x": "https://s3-48296.alexv.awstf.workato.com/paperclip/api_customers/logos/000/000/001/medium/psyduck.png?1729853526",
      "is_legacy": true,
      "api_policies": [
        {
          "id": 2,
          "name": "Internal – Admins"
        }
      ],
      "api_collections": [
        {
          "id": 1,
          "name": "Echo collection"
        },
        {
          "id": 2,
          "name": "Proxy"
        },
        {
          "id": 4,
          "name": "Proxy to Alex's API collection"
        },
        {
          "id": 6,
          "name": "San Sanych"
        }
      ]
    }
  ],
  "count": 1,
  "page": 1,
  "per_page": 100
}

Create an API client

Create a new API client within a project you specify.

POST /api/api_clients

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Create an API client (v2) endpoint before this date to ensure uninterrupted service.

Query parameters

Name	Type	Description
project_id	string required	The ID of a specific project. Retrieve a list of project IDs by using the list projects endpoint.

Payload

Name	Type	Description
name	string required	Name of the client.

Sample request

shell

curl  -X POST https://www.workato.com/api/api_clients?project_id=523144 \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Automation Inc.",
          }'

Response

json

{
    "id": 1255,
    "name": "Automation Inc.",
    "created_at": "2020-07-31T03:44:22.435-07:00",
    "updated_at": "2020-07-31T03:44:22.435-07:00"
}

Create an API client (v2)

Create a new API client within a project you specify.

POST /api/v2/api_clients

Payload

Name	Type	Description
name	string required	Name of the client.
description	string optional	Description of the client.
project_id	integer optional	ID of the project to create the client in, if applicable.
api_portal_id	integer conditional	The ID of the API portal to assign the client, if applicable. Required when the `email` field is provided in the request payload.
email	string conditional	Email address for the client. Required if `api_portal_id` exists.
api_collection_ids	array required	IDs of API collections to assign to the client.
api_policy_id	integer optional	ID of the API policy to apply.
auth_type	string required	Authentication method to validate requests. Supported types include `token`, `jwt`, `oauth2` and `oidc`.
jwt_method	string conditional	The JWT signing method. Required when `auth_type` is `jwt`. Supported methods include `hmac` (HMAC) and `rsa` (RSA).
jwt_secret	string conditional	HMAC shared secret or RSA public key. Required when `auth_type` is `jwt`.
oidc_issuer	string conditional	Discovery URL for the OIDC identity provider. Specify this or `oidc_jwks_uri` when `auth_type` is `jwt` or `oidc`.
oidc_jwks_uri	string conditional	JWKS URL for the OIDC identity provider. Specify this or `oidc_issuer` when `auth_type` is `jwt` or `oidc`.
access_profile_claim	string conditional	JWT claim key used to identify the access profile. Applicable when `auth_type` is `jwt` or `oidc`. Learn more.
required_claims	array conditional	List of claims to enforce. Applicable when `auth_type` is `jwt` or `oidc`.
allowed_issuers	array conditional	List of issuers (iss claim) to allow. If the `iss` claim is enforced in `required_claims`, leave this blank to allow any issuer. Applicable when `auth_type` is `jwt` or `oidc`.
mtls_enabled	boolean optional	Whether mutual TLS is enabled for this client.
validation_formula	string optional	Formula to validate client certificates.
cert_bundle_ids	array optional	Certificate bundle IDs used for mTLS.

Sample request

shell

curl -X POST https://www.workato.com/api/v2/api_clients \
     -H 'Authorization: Bearer <api_token>' \
     -H 'Content-Type: application/json' \
     -d '{
            "name": "Automation Inc.",
            "description": "API client for Product Catalog",
            "api_collection_ids": [6883],
            "api_portal_id": 37,
            "auth_type": "token",
            "api_policy_id": 1,
            "email": "alex.das@workato.com",
            "mtls_enabled": true,
            "validation_formula": "OU=Workato",
            "cert_bundle_ids": [3]
        }'

Response

json

{
    "data": {
        "id": 42116,
        "name": "Automation Inc.",
        "description": "API client for Product Catalog",
        "active_api_keys_count": 0,
        "total_api_keys_count": 0,
        "created_at": "2025-02-12T08:36:51.748+05:30",
        "updated_at": "2025-02-12T08:36:51.748+05:30",
        "is_legacy": false,
        "email": "alex.das@workato.com",
        "auth_type": "token",
        "mtls_enabled": true,
        "validation_formula": "OU=Workato",
        "cert_bundle_ids": [3],
        "api_collections": [
            {
                "id": 6883,
                "name": "Product Catalog"
            }
        ]
    }
}

Get API client

Retrieve details of an API client by ID.

GET /api/v2/api_clients/:api_client_id

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client to retrieve.

Sample request

shell

curl -X GET https://www.workato.com/api/v2/api_clients/42116 \
     -H 'Authorization: Bearer <api_token>'

Response

json

{
    "data": {
        "id": 42116,
        "name": "Automation Inc.",
        "description": "API client for Product Catalog",
        "active_api_keys_count": 0,
        "total_api_keys_count": 0,
        "created_at": "2025-02-12T08:36:51.748+05:30",
        "updated_at": "2025-02-12T08:36:51.748+05:30",
        "is_legacy": false,
        "email": "alex.das@workato.com",
        "auth_type": "token",
        "api_collections": [
            {
                "id": 6883,
                "name": "Product Catalog"
            }
        ],
        "api_keys": []
    }
}

Update API client

Update an existing API client within a project you specify.

PUT /api/v2/api_clients/:api_client_id

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client to update.

Payload

Name	Type	Description
name	string required	Updated name of the client.
description	string optional	Updated description of the client.
project_id	integer optional	Updated project ID associated with the client.
email	string optional	Updated email address for the client.
api_collection_ids	array required	Updated list of API collections assigned to the client.
api_policy_id	integer required	Updated API policy ID.
jwt_method	string conditional	Updated JWT signing method. Required when `auth_type` is `jwt`. Supported methods include `hmac` (HMAC) and `rsa` (RSA).
jwt_secret	string conditional	Updated HMAC shared secret or RSA public key. Required when `auth_type` is `jwt`.
oidc_issuer	string conditional	Updated discovery URL for the OIDC identity provider. Specify this or `oidc_jwks_uri` when `auth_type` is `jwt` or `oidc`.
oidc_jwks_uri	string conditional	Updated JWKS URL for the OIDC identity provider. Specify this or `oidc_issuer` when `auth_type` is `jwt` or `oidc`.
access_profile_claim	string conditional	Updated JWT claim key used to identify the access profile. Applicable when `auth_type` is `jwt` or `oidc`. Learn more.
required_claims	array conditional	Updated list of claims to enforce. Applicable when `auth_type` is `jwt` or `oidc`.
allowed_issuers	array conditional	Updated list of issuers (iss claim) to allow. If the `iss` claim is enforced in `required_claims`, leave this blank to allow any issuer. Applicable when `auth_type` is `jwt` or `oidc`.
mtls_enabled	boolean optional	Whether mutual TLS is enabled for this client.
validation_formula	string optional	Updated formula to validate client certificates.
cert_bundle_ids	array optional	Updated certificate bundle IDs used for mTLS.

Sample request

shell

curl -X PUT https://www.workato.com/api/v2/api_clients/42116 \
     -H 'Authorization: Bearer <api_token>' \
     -H 'Content-Type: application/json' \
     -d '{
           "name": "Mustard Inc.",
           "description": "API client for Automation workflows"
         }'

Response

json

{
    "data": {
        "id": 42116,
        "name": "Mustard Inc.",
        "description": "API client for Automation workflows",
        "active_api_keys_count": 0,
        "total_api_keys_count": 0,
        "created_at": "2025-02-12T08:36:51.748+05:30",
        "updated_at": "2025-02-12T08:40:27.607+05:30",
        "is_legacy": false,
        "email": "damien.tan@workato.com",
        "auth_type": "token",
        "mtls_enabled": true,
        "validation_formula": "CN=api-client",
        "cert_bundle_ids": [2],
        "api_collections": [
            {
                "id": 6883,
                "name": "1"
            }
        ],
        "api_keys": []
    }
}

Delete API client

Delete an existing API client.

DELETE /api/v2/api_clients/:api_client_id

Sample request

shell

curl -X DELETE 'https://www.workato.com/api/v2/api_clients/42116' \
     -H 'Authorization: Bearer <api_token>'

Response

json

{
    "success": true
}

List access profiles

List all access profiles for an API client. If you don't provide an API client ID, this endpoint returns access profiles for all API clients.

GET /api/api_access_profiles

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new List API keys endpoint before this date to ensure uninterrupted service.

Query parameters

Name	Type	Description
api_client_id	string	Provide an API client ID to retrieve access profiles belonging to a specific API client.
per_page	integer	Number of access profiles returned in a single page. Defaults to `100`. Max is `100`.
page	integer	Choose the page of access profiles to return. The starting page is `1`. Defaults to `1`.

Sample request

shell

curl  -X GET 'https://www.workato.com/api/api_access_profiles?api_client_id=933084' \
      -H 'Authorization: Bearer <api_token>'

Response

json

[
  {
    "id": 942738,
    "name": "Sales API Profile",
    "api_client_id": 933804,
    "api_collection_ids": [
      791245,
      785457,
      785404
    ],
    "active": true,
    "auth_type": "token",
    "created_at": "2023-11-07T19:39:04.294-05:00",
    "updated_at": "2023-11-07T19:39:04.294-05:00"
  },
  {
    "id": 942709,
    "name": "Purchases API Profile",
    "api_client_id": 933804,
    "api_collection_ids": [
      726374,
      743721,
      776384
    ],
    "active": true,
    "auth_type": "token",
    "created_at": "2023-11-07T18:48:19.908-05:00",
    "updated_at": "2023-11-07T18:48:19.908-05:00"
  }
]

List API keys

Retrieve all API keys for an API client. Provide the api_client_id parameter to filter keys for a specific client. If you don’t provide the api_client_id parameter, the endpoint returns API keys for all clients.

GET /api/v2/api_clients/:api_client_id/api_keys

Path parameters

Name	Type	Description
api_client_id	string optional	Filter API keys for a specific API client.

Sample request

shell

curl  -X GET 'https://www.workato.com/api/v2/api_clients/933084/api_keys' \
      -H 'Authorization: Bearer <api_token>'

Response

json

{
    "data": [
        {
            "id": 17,
            "name": "Heat",
            "auth_type": "token",
            "ip_allow_list": [],
            "ip_deny_list": [
                "192.168.0.1"
            ],
            "active": true,
            "active_since": "2025-02-04T18:57:35-08:00",
            "auth_token": "dda2"
        }
    ],
    "count": 1,
    "page": 1,
    "per_page": 100
}

Create an access profile

Create an access profile for an API client. To use this endpoint, the workspace must contain at least one API collection to assign to the access profile.

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Create an API key endpoint before this date to ensure uninterrupted service.

The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).

Auth token authorization will return the auth token in the secret response
JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
OAuth 2.0 authorization will return the client ID and secret in oauth_client_id and oauth_client secret

POST /api/api_access_profiles

Query parameters

Name	Type	Description
api_client_id	string	ID of the API client.

Payload

Name	Type	Description
name	string required	Name of the access profile
api_collection_ids	array required	IDs of collections to add to the access profile
active	boolean required	Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs.
auth_type	string required	Authentication method to validate requests. Available types are: `token`, `jwt`, `oauth2` and `oidc`.
jwt_method	string	The JWT signing method. If the auth_type is `jwt`, this is required. Available methods are `hmac` and `rsa` for HMAC and RSA respectively.
ip_allow_list	array	List of IP addresses to be allowlisted
jwt_secret	string	Based on the method, specify the HMAC shared secret or the RSA public key.
oidc_issuer	string conditional	Discovery URL of identity provider or OIDC service. Provide only one of this or oidc_jwks_uri, not both. Only application if auth_type is `jwt` or `oidc`.
oidc_jwks_uri	string conditional	JWKS URL of identity provider or OIDC service. Provide only one of this or oidc_issuer, not both. Only application if auth_type is `jwt` or `oidc`.
access_profile_claim	string conditional	If you wish to use a custom claim to identify this access profile, provide the JWT claim key here. Learn more Only application if auth_type is `jwt` or `oidc`.
required_claims	array conditional	Provide a list of claims that you wish to enforce.Only application if auth_type is `jwt` or `oidc`.
allowed_issuers	array conditional	Provide a list of issuers (`iss` value in JWT claims) that you wish to allow. Leave If `iss` claim is enforced in required_claims, leave this blank to require any `iss` value. Only application if auth_type is `jwt` or `oidc`.

Sample request (Auth token)

shell

curl  -X POST 'https://www.workato.com/api/api_access_profiles?api_client_id=1255'\
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
  	          "name": "Sales team",
  	          "api_collection_ids": [1391, 1388],
              "auth_type": "token",
  	          "active": true,
              "ip_allow_list": ["192.168.0.1", "192.168.0.0/20"]
           }'

Sample request (JWT RSA)

shell

curl  -X POST 'https://www.workato.com/api/api_access_profiles?api_client_id=1255'\
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
	           "name": "HMAC API",
	           "api_collection_ids": [1391, 1388],
	           "auth_type": "jwt",
	           "jwt_method": "rsa",
	           "jwt_secret": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ngjihh5hXDRe0c1qPNc\nrF7RIoAG/iNZXruTspeX8e2auMBXTwVI0sLgwUo26lMXCRAvC004JWKugzh1UHXY\nsjmtwZFRznqhb/ojJDi785+zbmVNLWmbIB/ChBUyckBSExsmR0nOpQhiW0przr2J\ncQIDAQAB\n-----END PUBLIC KEY-----",
	           "active": true
           }'

Response (Auth token)

json

{
    "id": 26985,
    "name": "New test",
    "api_client_id": 1255,
    "api_collection_ids": [
        1395
    ],
    "active": true,
    "auth_type": "token",
    "jwt_method": null,
    "jwt_secret": null,
    "oauth_client_id": null,
    "oauth_client_secret": null,
    "secret": "e3a1ce1d46c4hjk8kfj26781c6ed3073312451ee0990035bf8a4bc90c2a2",
    "created_at": "2020-08-12T08:03:05.492-07:00",
    "updated_at": "2020-08-12T08:03:05.492-07:00"
}

Create an API key

Create a new API key for an API client.

POST /api/v2/api_clients/:api_client_id/api_keys

Path parameters

Name	Type	Description
api_client_id	string required	Specify the ID of the API client to create the API key for.

Payload

Name	Type	Description
name	string required	Name of the API key.
active	boolean required	Indicates whether the API key is enabled or disabled. Disabled keys cannot call any APIs.
ip_allow_list	array optional	List of IP addresses to add to the allowlist.
ip_deny_list	array optional	List of IP addresses to deny requests from.

Sample request

shell

curl  -X POST 'https://www.workato.com/api/v2/api_clients/933084/api_keys' \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
            "name": "Automation Inc.",
            "active": true,
            "ip_allow_list": ["8.8.8.8/24"],
            "ip_deny_list": ["192.168.0.0/16"]
          }'

Response

json

{
    "data": {
        "id": 37326,
        "name": "Automation Inc.",
        "auth_type": "token",
        "ip_allow_list": ["8.8.8.8/24"],
        "ip_deny_list": ["192.168.0.0/16"],
        "active": true,
        "active_since": "2025-02-12T08:41:44+05:30",
        "auth_token": "72b378def0c1d83e6a015e654a744c380655565a68c591cf9f3598d0d14bdb5f"
    }
}

Update an access profile

Update an access profile for an API client.

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Update an API key endpoint before this date to ensure uninterrupted service.

The response returned depends on the auth type chosen (Auth token, JSON web token or OAuth 2.0).

Auth token authorization will return the auth token in the secret response
JWT token has 2 signing methods: HMAC and RSA. Depending on the chosen method, the respective secret or public is required in the payload
OAuth 2.0 authorization will return the client ID and secret in oauth_client_id and oauth_client secret

PUT /api/api_access_profiles/:api_access_profile_id

Path parameters

Name	Type	Description
api_access_profile_id	string required	API access profile ID.

Payload

Name	Type	Description
name	string required	Existing/Updated name of the access profile
api_collection_ids	array required	Existing/updated API collection IDs to be configured for the access profile
active	boolean required	Whether the access profile is disabled or enabled. A client with a disabled access profile cannot call any APIs.
auth_type	string required	Authentication method to validate requests. Available types are: `token`, `jwt`, `oauth2` and `oidc`.
ip_allow_list	array	List of IP addresses to be allowlisted
jwt_method	string	The JWT signing method. If the auth_type is `jwt`, this is required. Available methods are `hmac` and `rsa` for HMAC and RSA respectively.
jwt_secret	string	Based on the method, specify the HMAC shared secret or the RSA public key.
oidc_issuer	string conditional	Discovery URL of identity provider or OIDC service. Provide only one of this or oidc_jwks_uri, not both. Only application if auth_type is `jwt` or `oidc`.
oidc_jwks_uri	string conditional	JWKS URL of identity provider or OIDC service. Provide only one of this or oidc_issuer, not both. Only application if auth_type is `jwt` or `oidc`.
access_profile_claim	string conditional	If you wish to use a custom claim to identify this access profile, provide the JWT claim key here. Learn more Only application if auth_type is `jwt` or `oidc`.
required_claims	array conditional	Provide a list of claims that you wish to enforce.Only application if auth_type is `jwt` or `oidc`.
allowed_issuers	array conditional	Provide a list of issuers (`iss` value in JWT claims) that you wish to allow. Leave If `iss` claim is enforced in required_claims, leave this blank to require any `iss` value. Only application if auth_type is `jwt` or `oidc`.

Sample request (Auth token)

shell

curl  -X PUT 'https://www.workato.com/api/api_access_profiles/27894'\
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
  	          "name": "Sales team",
  	          "api_collection_ids": [1391, 1388],
              "auth_type": "token",
  	          "active": true,
              "ip_allow_list": ["192.168.0.1", "192.168.0.0/20"]
           }'

Update an API key

Update an existing API key for an API client.

PUT /api/v2/api_clients/:api_client_id/api_keys/:api_key_id

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client associated with the API key.
api_key_id	string required	ID of the API key to update.

Payload

Name	Type	Description
name	string optional	Updated name of the API key.
ip_allow_list	array optional	Updated list of IP addresses to allow requests from.
ip_deny_list	array optional	Updated list of IP addresses to deny requests from.

Sample request

shell

curl  -X PUT 'https://www.workato.com/api/v2/api_clients/933084/api_keys/2454' \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \
      -d '{
              "name": "Mustard Inc.",
              "ip_allow_list": ["8.8.8.8/24"],
              "ip_deny_list": ["192.168.0.0/16"]
          }'

Response

json

{
    "data": {
        "id": 37326,
        "name": "Mustard Inc.",
        "auth_type": "token",
        "ip_allow_list": ["8.8.8.8/24"],
        "ip_deny_list": ["192.168.0.0/16"],
        "active": false,
        "active_since": "2025-02-12T08:41:44+05:30",
        "auth_token": "db5f"
    }
}

Enable an access profile

Enable an access profile belonging to an API client. Enabling an access profile will allow API calls to be accepted with the enabled profile.

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Enable an API key endpoint before this date to ensure uninterrupted service.

This call returns success or error messages for Unauthorized/Bad requests.

PUT /api/api_access_profiles/:api_access_profile_id/enable

Path parameters

Name	Type	Description
api_access_profile_id	string required	ID of the access profile.

Sample request (Auth token)

shell

curl  -X PUT https://www.workato.com/api/api_access_profiles/1213/enable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

Enable API key

Enable an API key for an API client.

PUT /api/v2/api_clients/:api_client_id/api_keys/:api_key_id/enable

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client that owns the API key.
api_key_id	string required	ID of the API key to enable.

Sample request

shell

curl  -X PUT 'https://www.workato.com/api/v2/api_clients/933084/api_keys/2454/enable' \
      -H 'Authorization: Bearer <api_token>'

Response

json

{
    "success": true
}

Disable an access profile

Disable an access profile belonging to an API client. Disabling an access profile will stop allowing API calls to be accepted with the access profile.

This call returns success or error messages for Unauthorized/Bad requests.

PUT /api/api_access_profiles/:api_access_profile_id/disable

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Disable an API key endpoint before this date to ensure uninterrupted service.

Path parameters

Name	Type	Description
api_access_profile_id	string required	ID of the access profile.

Sample request (Auth token)

shell

curl  -X PUT https://www.workato.com/api/api_access_profiles/1213/disable \
      -H 'Authorization: Bearer <api_token>' \
      -H 'Content-Type: application/json' \

Disable API key

Disable an API key for an API client.

PUT /api/v2/api_clients/:api_client_id/api_keys/:api_key_id/disable

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client that owns the API key.
api_key_id	string required	ID of the API key to disable.

Sample request

shell

curl  -X PUT 'https://www.workato.com/api/v2/api_clients/933084/api_keys/2454/disable' \
      -H 'Authorization: Bearer <api_token>'

Response

json

{
    "success": true
}

Refresh token/secret

Refreshes the auth token or OAuth 2.0 client secret. This endpoint will fail if the authorization type on the access profile is JWT.

DEPRECATION NOTICE

This endpoint is planned for deprecation on December 1, 2025. Transition to the new Refresh API key secret endpoint before this date to ensure uninterrupted service.

The response returned depends on the authorization type of the access profile (Auth token or OAuth 2.0).

Auth token authorization will return a new auth token in the secret response
OAuth 2.0 authorization will return a new client ID and secret in oauth_client_id and oauth_client secret

PUT /api/api_access_profiles/:access_profile_id/refresh_secret

Path parameters

Name	Type	Description
access_profile_id	string required	API access profile ID

Response (Auth token)

json

{
    "id": 26962,
    "name": "Sales team",
    "api_client_id": 1255,
    "api_collection_ids": [
        1391
    ],
    "active": true,
    "auth_type": "token",
    "jwt_method": null,
    "jwt_secret": null,
    "oauth_client_id": null,
    "oauth_client_secret": null,
    "secret": "xxxxxxxxxxx",
    "created_at": "2020-07-31T09:10:03.310-07:00",
    "updated_at": "2020-08-05T06:08:46.290-07:00"
}

Refresh API key secret

Refresh the authentication token or OAuth 2.0 client secret for an API key.

PUT /api/v2/api_clients/:api_client_id/api_keys/:api_key_id/refresh_secret

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client that owns the API key.
api_key_id	string required	ID of the API key to refresh.

Sample request

shell

curl  -X PUT 'https://www.workato.com/api/v2/api_clients/933084/api_keys/3455/refresh_secret' \
      -H 'Authorization: Bearer <api_token>'

Response

json

{
    "data": {
        "id": 37326,
        "name": "Mustard Inc.",
        "auth_type": "token",
        "ip_allow_list": ["8.8.8.8/24"],
        "ip_deny_list": ["192.168.0.0/16"],
        "active": true,
        "active_since": "2025-02-12T08:44:37+05:30",
        "auth_token": "572d581d91860a7c6372e9390699e26ac5917ac2520e1a917fba43b56d11edbe"
    }
}

Delete API key

Delete an API key for an API client.

DELETE /api/v2/api_clients/:api_client_id/api_keys/:api_key_id

Path parameters

Name	Type	Description
api_client_id	string required	ID of the API client associated with the API key.
api_key_id	string required	ID of the API key to delete.

Sample request

shell

curl -X DELETE 'https://www.workato.com/api/v2/api_clients/933084/api_keys/3455' \
     -H 'Authorization: Bearer <api_token>'

Response

json

{
    "success": true
}

List API portals

List all API portals associated with API clients in your workspace.

GET /api/v2/api_portals

Sample request

shell

curl  -X GET 'https://www.workato.com/api/v2/api_portals' \
      -H 'Authorization: Bearer <api_token>'

Response

json

{
    "data": [
        {
            "id": 37,
            "user_id": 14487,
            "name": "IDEA Lifestyle",
            "subdomain": "idea",
            "brand_color": "#371093",
            "api_collection_ids": [
                6882
            ],
            "created_at": "2024-12-13T08:46:37.125+05:30",
            "updated_at": "2025-02-10T14:10:21.440+05:30",
            "logo": "https://workato-staging-assets.s3.amazonaws.com/api_portal/models/portals/logos/000/000/037/small/007.png?1734059797",
            "logo_2x": "https://workato-staging-assets.s3.amazonaws.com/api_portal/models/portals/logos/000/000/037/medium/007.png?1734059797"
        }
    ],
    "count": 1,
    "page": 1,
    "per_page": 100
}

List certificate bundles

List all certificate bundles.

GET /api/cert_bundles

Sample request

shell

curl -X GET https://www.workato.com/api/cert_bundles \
     -H 'Authorization: Bearer <api_token>'

Sample response

json

{
  "data": [
    {
      "id": 1,
      "name": "cert1",
      "cert_count": 3,
      "leaf_ca_cn": "intermediate_ca_two",
      "expires_at": "2025-04-10T18:49:20.000-07:00",
      "updated_at": "2025-03-27T02:03:56.045-07:00",
      "client_count": 1
    }
  ],
  "count": 1,
  "page": 1,
  "per_page": 20
}

Create a certificate bundle

Upload a new certificate bundle.

POST /api/cert_bundles

Payload

Name	Type	Description
cert_bundle_pem	file required	PEM-formatted certificate file.
name	string optional	Name of the bundle. Defaults to uploaded filename.

Sample request

shell

curl -X POST https://www.workato.com/api/cert_bundles \
     -H 'Authorization: Bearer <api_token>' \
     -F "cert_bundle_pem=@bundle.pem" \
     -F "name=Production cert"

Update a certificate bundle

Update a certificate bundle by ID.

PUT /api/cert_bundles/:certificate_bundle_id

Path parameters

Name	Type	Description
certificate_bundle_id	string required	ID of the certificate bundle to update.

Payload

Name	Type	Description
cert_bundle_pem	file optional	PEM-formatted certificate file.
name	string optional	New name for the bundle.

Sample request

shell

curl -X PUT https://www.workato.com/api/cert_bundles/1 \
     -H 'Authorization: Bearer <api_token>' \
     -F "cert_bundle_pem=@updated_bundle.pem" \
     -F "name=Updated cert name"

Delete a certificate bundle

Delete a certificate bundle by ID.

DELETE /api/cert_bundles/:certificate_bundle_id

Path parameters

Name	Type	Description
certificate_bundle_id	string required	ID of the certificate bundle to delete.

Sample request

shell

curl -X DELETE https://www.workato.com/api/cert_bundles/1 \
     -H 'Authorization: Bearer <api_token>'

Sample response

json

{
  "success": true
}

Download a certificate bundle

Download a certificate bundle by ID.

GET /api/cert_bundles/:certificate_bundle_id/download

Path parameters

Name	Type	Description
certificate_bundle_id	string required	ID of the certificate bundle to download.

Sample request

shell

curl -X GET 'https://www.workato.com/api/cert_bundles/1/download' \
     -H 'Authorization: Bearer <api_token>' \
     -o cert_bundle.pem

Last updated:

API platform ​

Rate limits ​

Quick reference ​

List API collections ​

Query parameters ​

Response ​

Create an API collection ​

Query parameters ​

Payload ​

Sample request ​

Response ​

List API endpoints ​

Query parameters ​

Sample request ​

Response ​

Enable an API endpoint ​

Path parameters ​

Sample request ​

Disable an API endpoint ​

Path parameters ​

Sample request ​

List API clients ​

Response ​

List API clients (v2) ​

Query parameters ​

Sample request ​

Response ​

Create an API client ​

Query parameters ​

Payload ​

Sample request ​

Response ​

Create an API client (v2) ​

Payload ​

Sample request ​

Response ​

Get API client ​

Path parameters ​

Sample request ​

Response ​

Update API client ​

Path parameters ​

Payload ​

Sample request ​

Response ​

Delete API client ​

Sample request ​

Response ​

List access profiles ​

Query parameters ​

Sample request ​

Response ​

List API keys ​

Path parameters ​

Sample request ​

Response ​

Create an access profile ​

Query parameters ​

Payload ​

Sample request (Auth token) ​

Sample request (JWT RSA) ​

Response (Auth token) ​

Create an API key ​

Path parameters ​

Payload ​

Sample request ​

Response ​

Update an access profile ​

Path parameters ​

Payload ​

Sample request (Auth token) ​

Update an API key ​

Path parameters ​

Payload ​

Sample request ​

Response ​

Enable an access profile ​

Path parameters ​

Sample request (Auth token) ​

Enable API key ​

API platform

Rate limits

Quick reference

List API collections

Query parameters

Response

Create an API collection

Query parameters

Payload

Sample request

Response

List API endpoints

Query parameters

Sample request

Response

Enable an API endpoint

Path parameters

Sample request

Disable an API endpoint

Path parameters

Sample request

List API clients

Response

List API clients (v2)

Query parameters

Sample request

Response

Create an API client

Query parameters

Payload

Sample request

Response

Create an API client (v2)

Payload

Sample request

Response

Get API client

Path parameters

Sample request

Response

Update API client

Path parameters

Payload

Sample request

Response

Delete API client

Sample request

Response

List access profiles

Query parameters

Sample request

Response

List API keys

Path parameters

Sample request

Response

Create an access profile

Query parameters

Payload

Sample request (Auth token)

Sample request (JWT RSA)

Response (Auth token)

Create an API key

Path parameters

Payload

Sample request

Response

Update an access profile

Path parameters

Payload

Sample request (Auth token)

Update an API key

Path parameters

Payload

Sample request

Response

Enable an access profile

Path parameters

Sample request (Auth token)

Enable API key