Incoming Webhooks
Overview
WorkflowGen features an incoming webhook application that allows users to interact with WorkflowGen from external sources by exchanging JSON payloads using HTTP POST requests. The application supports multiple types of operations, such as creating a new request, completing an action, and some process deployment operations like creating a new process from an XPDL.
Technical requirements
In addition to the standard WorkflowGen installation, the following components are required:
Node.js v18.18.2 (versions 8.2.2 and later) or v14.21.2 LTS (versions 8.2.1 and earlier)
Visual C++ Redistributable ✏️ Note: This library is required if you encounter the error
The specified module could not be found
regarding theedge
andedge-js
libraries when accessing the/wfgen/graphql
,/wfgen/hooks
, or/wfgen/scim
web apps.
For information on the installation procedure, see the WorkflowGen Technical Guide.
Configuration
Maximum query content length
The maximum query content length for incoming webhooks can be set by configuring the maxAllowedContentLength
property in the WorkflowGen web.config
file. The following example shows how to configure this property as 1 MB (note that the value should always be specified in bytes, so the value in the example is 1,024,000 bytes). The default value is 30,000,000 bytes.
Input file allowed folders
You can configure the local or remote folder paths where files used by FILE type parameters are located using the Input file allowed folders setting In the Webhooks section on the Configuration Panel Integration tab. (Alternately, you can add the folder names separated by commas to the HooksInputFileAllowedFolders
parameter in the WorkflowGen web.config
file.)
When using file uploads, you don't need to include the original file folder.
To disallow input file allowed folders, leave this field empty (or the parameter undefined). To allow certain folders only, enter comma-separated values according to the table below:
Input file allowed HTTP URLs
You can configure allowed HTTP URLs for input files using the Input file allowed HTTP URLs setting in the Webhooks section on the Control Panel Integration tab. (Alternately, you can add the folder names separated by commas to the HooksInputFileAllowedHttpUrls
parameter in the WorkflowGen web.config
file.)
To disallow file uploads using HTTP and/or HTTPS URLs, leave the field empty (or the parameter undefined). To allow certain URLs only, enter comma-separated values according to the table below:
Maximum input file size
In the Webhooks section on the Integration tab in the Administration Module Configuration Panel, enter the maximum input file size in kilobytes in the Maximum input file size (kB) field.
Alternately, you can set the maximum input file content size in kilobytes as the value of the HooksMaxInputFileSize
parameter in the WorkflowGen web.config
file.
Maximum input file content size
When working with FILE type parameters content encoded in base64, you must enter the maximum input file content size in kilobytes in the Maximum input file content size (kB) field in the Webhooks section on the Integration tab in the Administration Module Configuration Panel.
Alternately, you can set the maximum input file content size in kilobytes as the value of the HooksMaxInputFileContentSize
parameter in the WorkflowGen web.config
file.
FILE type data content is only recommended for small files under 1 MB.
Performance tuning
WorkflowGen is installed with the following default webhooks settings (located under iisnode
in \wfgen\hooks\web.config
):
With these settings, only one node.exe
instance will handle HTTP requests. This should be sufficient in most cases, but you can optimize performance if needed by adjusting these values based on the number of potential concurrent requests.
Creating an incoming webhook application
To create a new incoming webhook application in your WorkflowGen application, click the Add Application button on the Applications page. Then, choose Incoming webhook from the Application type drop-down list, enter the Name and Description, and click Save.
The Applications page will now display your incoming webhook application information, including the application URL. This is the URL you should use to send WorkflowGen incoming webhooks. The last component of this URL corresponds to a token that WorkflowGen will use to identify your incoming webhooks.
You should fill in the Impersonate username textbox with the WorkflowGen username you use to perform your desired operations. Be aware that your impersonated user must have your asked-operation-required rights to complete the action; if not, you will receive a security error on your response payload. As well, if the impersonate username is not set, the workflow engine service default identity will be used (as defined in the Security section on the Integration tab in the Configuration Panel).
The generated URL and its associated token must remain private and not exposed to end-users in client-side (in JavaScript, for example). You should treat the token with the same level of security as you would a password.
If the token used in the incoming webhook URL is missing or invalid, a
404
status code will be returned. If the associated user is invalid, archived, or inactive, a403
status code will be returned. In both cases, the response will contain a descriptive error message.
Sending data in JSON
The incoming webhook application receives your HTTP POST request payload formatted as a JSON object.
Using the URL provided, you can post HTTP requests from external applications (e.g. Postman) to WorkflowGen in order to execute the available operations in your WorkflowGen application. For operations that require you to provide an object ID, the object ID value can be retrieved by using the GraphQL API. In most cases, object numbers can be used instead of IDs in operation payloads.
In case of an error, you will get a response payload providing error details such as:
Curl example
The requests should respect the structure shown in this example, where operation
refers to the name of the operation to execute, and args
contains the input
node that groups all of the request parameters to perform the operation.
To create a new request, the processName
parameter is required. The processVersion
parameter is optional and is used to find the correct process you want to use to create your request.
Request payload:
Response payload:
The response payload will be structured as follows:
Parameters
OpenAPI v2 endpoints
As of version 7.17.0, incoming webhooks now offer a new endpoint that supports the OpenAPI v2 specification for operation definitions and another endpoint for operation execution. This allows for seamless integration with other OpenAPI-ready solutions such as Swagger, Microsoft Flow, Azure Logic Apps and Postman.
Webhook operation definitions
Use this endpoint to retrieve webhook operation definitions based on the OpenAPI v2 specification (in JSON format).
Webhook operation execution
Use this endpoint to execute a webhook operation using HTTP POST, replacing :operation
with the name of the incoming webhook operation (e.g. createRequest
).
Required parameters
:operation
: Name of the incoming webhook operation defined in the URI ✏️ Note: The operation name is not required inside the request payload.x-wfgen-hooktoken
: Webhook token value specified in the HTTP request header, which is the same token value as used in a classic incoming webhooks URLProperties with an asterisk
*
next to their name
Other required or optional parameters specific to the webhook operation might be needed.
Request operations
Create a new request
To create a new request from the webhooks API, make sure that sub-process mode is enabled with public access on the target process. (See the Process form section in the WorkflowGen Administration Guide for more information.)
Request payload:
Response payload:
A parameter's array can be included in the createRequest
operation payload. Be aware that a data with the same name and data type must previously exist in the process for each parameter in the array to store the parameter's value. The following example shows how to send parameters corresponding to the four supported data types (TEXT, NUMERIC, DATETIME, and FILE).
Request payload:
Response payload:
Properties
Update a request dataset
A request dataset context can be updated by adding a parameter array. In this case a request number or a request ID should be provided.
This operation requires users to have system access to perform it. This can be configured in the System operations allowed users field under Security on the Integration tab in the Configuration Panel.
Request payloads:
Response payload:
For more information on FILE parameter manipulations when sent within incoming webhook payloads, see the File upload section.
Properties
Cancel a request
You can cancel a request by using the request number or the request ID.
Request payloads:
Response payload:
Properties
Delete a request
A request can be deleted by using the request number or the request ID.
Request payloads:
Response payload:
Properties
Action operations
Complete an action
To complete an action, provide the request number and the action number, or the action ID.
Request payloads:
Response payload:
To complete an action, a parameter array can be included in the request payload arguments.
Request payload:
Response payload:
Properties
Complete a form action
Request payload:
Response payload:
Properties
Cancel an action
To cancel an action, provide the request number and the action number, or the action ID. The following conditions must be met:
The viewer and the user (if they don't share the same identity, as in delegation mode) must have access to the request.
The action must be open.
The action must have a cancel or default exception defined in the transition.
The viewer is:
an administrator or process folder manager OR
a supervisor with cancellation rights OR
the action assignee.
Request payloads:
Response payload:
Properties
Cancel a request's actions by name
All of the actions with the same name in a request can be cancelled at the same time by using their name in this operation payload. The following conditions are met:
The viewer and the user (if they do not share the same identity, as in delegation mode) must have access to the request.
The action must be open.
The action must have a cancel or default exception defined in the transition.
The viewer is:
an administrator or a process folder manager OR
a supervisor with cancellation rights OR
the action assignee.
Request payload:
Response payload:
Properties
Assign an action
To assign an action, provide the request number and the action number, or the action ID; you must also provide the assigneeUserName
or the assigneeId
.
Request payloads:
Response payload:
Properties
Cancel an action assignment
To cancel an action assignment, you should provide the request number and the action number, or the action ID.
Request payloads:
Response payload:
Properties
End-user operations
Create a new favorite
The incoming webhook application lets users add processes and views to their favorites lists using the process or view IDs.
Request payload:
The above code will create a favorite using the process or view description, but adding a custom description is also possible, as shown in the following example:
Request payload:
Response payload:
Properties
Update a favorite
The incoming webhook application lets users update an existing favorite process or view by using its favorite ID.
Request payload:
Response payload:
Properties
Delete a favorite
The incoming webhook application lets users delete an existing favorite process or view from their favorites list by using its favorites ID.
Request payload:
Response payload:
Properties
Add a comment
The incoming webhook application lets users add comments to requests. This operation requires that the portal comments feature be enabled.
Request payload:
Response payload:
Properties
Update a comment
Users can update comments if they are administrators, process manager of the process or process supervisor, or standard users who are members of the process participants, have write permissions, and are the comment author. This operation requires that the portal comments feature be enabled.
Request payload:
Response payload:
Properties
Remove a comment
The incoming webhook application lets users remove comments from requests. This operation requires that the portal comments feature be enabled.
Request payload:
Response payload:
Properties
Delegation operations
Create a delegation
Standard users can only create delegations for themselves; only administrators can create a delegation for another user. This operation requires that the portal delegation feature be enabled.
Request payload:
Response payload:
Properties
Update a delegation
Standard users can only update delegations for themselves; only administrators can update a delegation for another user. This operation requires that the portal delegation feature be enabled.
Request payload:
Response payload:
Properties
Delete a delegation
Standard users can only delete their own delegations; only administrators can delete another user's delegations. This operation requires that the portal delegation feature be enabled.
Request payload:
Response payload:
Properties
Category operations
Create a new category
Only administrators can create a category.
Request payload:
Response payload:
Properties
Update a category
Only administrators can update a category.
Request payload:
Response payload:
Properties
Delete a category
Only administrators can delete a category.
Request payload:
Response payload:
Properties
Process folder operations
Create a new process folder
Only administrators can create a process folder.
Request payload:
Response payload:
Properties
Update a process folder
Only administrators and the process folder manager can update a process folder.
Request payload:
Response payload:
Properties
Delete a process folder
Only administrators can delete a process folder.
Request payload:
Response payload:
Properties
Process operations
Create a new process
This operation creates a process from the process properties. The process name, description, and folder identifier or name are required.
Request payloads:
Response payload:
Properties
Create a new process from an XPDL
A process can be created from its XPDL definition.
Request payload:
Response payload:
Properties
Update a process
This operation updates process properties from the process identifier.
Request payload:
Response payload:
Properties
Update a process from an XPDL
A process can be updated from its XPDL definition. The .xml
file is uploaded by using the multipart file upload feature as shown below.
Request payload:
Response payload:
Properties
Delete a process
A process can be deleted by using the process identifier.
Request payload:
Response payload:
Properties
Participant operations
Create a new global participant
Request payload:
Response payload:
Properties
Update a global participant
Request payload:
Response payload:
Properties
Delete a global participant
Request payload:
Response payload:
Properties
Add a new process participant profile
To be used with global participant
only.
Request payload:
Response payload:
Properties
Update a process participant profile
To be used with global participant
only.
Request payload:
Response payload:
Properties
Remove a process participant profile
To be used with global participant
only.
Request payload:
Response payload:
Properties
Create a new local process participant
Request payload:
Response payload:
Properties
Update a local process participant
Request payload:
Response payload:
Properties
Delete a local process participant
Request payload:
Response payload:
Properties
Application operations
Create an application
Only administrators can create a workflow application.