Links

Incoming Webhooks

Overview

WorkflowGen features an incoming webhook application that allows users to interact with WorkflowGen from external sources by exchanging JSON payloads using HTTP POST requests. The application supports multiple types of operations, such as creating a new request, completing an action, and some process deployment operations like creating a new process from an XPDL.

Technical requirements

In addition to the standard WorkflowGen installation, the following components are required:
For information on the installation procedure, see the WorkflowGen Technical Guide.

Configuration

Maximum query content length

The maximum query content length for incoming webhooks can be set by configuring the maxAllowedContentLength property in the WorkflowGen web.config file. The following example shows how to configure this property as 1 MB (note that the value should always be specified in bytes, so the value in the example is 1,024,000 bytes). The default value is 30,000,000 bytes.
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="1024000" />
</requestFiltering>
</security>
</system.webServer>

Input file allowed folders

You can configure the local or remote folder paths where files used by FILE type parameters are located using the Input file allowed folders setting In the Webhooks section on the Configuration Panel Integration tab. (Alternately, you can add the folder names separated by commas to the HooksInputFileAllowedFolders parameter in the WorkflowGen web.config file.)
When using file uploads, you don't need to include the original file folder.
To disallow input file allowed folders, leave this field empty (or the parameter undefined). To allow certain folders only, enter comma-separated values according to the table below:
Value
Description
Empty
No folders allowed
*
All folders allowed
c:\*
All folders on drive c:
c:\Inetpub\*
All subfolders in a specific folder
c:\Inetpub\folder*
All c:\Inetpub folders whose names start with folder 📌 Examples:
  • c:\Inetpub\folder1
  • c:\Inetpub\folder1\abc
  • c:\Inetpub\folder2
c:\Inetpub\folder2\abc\def
Specific folder only

Input file allowed HTTP URLs

You can configure allowed HTTP URLs for input files using the Input file allowed HTTP URLs setting in the Webhooks section on the Control Panel Integration tab. (Alternately, you can add the folder names separated by commas to the HooksInputFileAllowedHttpUrls parameter in the WorkflowGen web.config file.)
To disallow file uploads using HTTP and/or HTTPS URLs, leave the field empty (or the parameter undefined). To allow certain URLs only, enter comma-separated values according to the table below:
Value
Description
Empty
No HTTP or HTTPS URLs allowed
*
All HTTP and HTTPS URLs allowed
https://*
HTTPS URLs only
http://*
HTTP URLs only
http://mydomain/*
HTTP from a specific domain only
http://mydomain/folder/*
HTTP from a specific folder only
http://mydomain/folder*
All files and folders whose names start with folder 📌 Examples:
  • http://mydomain/folderfile.jpg
  • http://mydomain/folder/file.jpg
  • http://mydomain/folder2/file.jpg
http://mydomain/folder/file.jpg
Specific file only

Maximum input file size

In the Webhooks section on the Integration tab in the Administration Module Configuration Panel, enter the maximum input file size in kilobytes in the Maximum input file size (kB) field.
Alternately, you can set the maximum input file content size in kilobytes as the value of the HooksMaxInputFileSize parameter in the WorkflowGen web.config file.

Maximum input file content size

When working with FILE type parameters content encoded in base64, you must enter the maximum input file content size in kilobytes in the Maximum input file content size (kB) field in the Webhooks section on the Integration tab in the Administration Module Configuration Panel.
Alternately, you can set the maximum input file content size in kilobytes as the value of the HooksMaxInputFileContentSize parameter in the WorkflowGen web.config file.
FILE type data content is only recommended for small files under 1 MB.

Performance tuning

WorkflowGen is installed with the following default webhooks settings (located under iisnode in \wfgen\hooks\web.config):
nodeProcessCountPerApplication="1"
maxConcurrentRequestsPerProcess="1024"
With these settings, only one node.exe instance will handle HTTP requests. This should be sufficient in most cases, but you can optimize performance if needed by adjusting these values based on the number of potential concurrent requests.

Creating an incoming webhook application

To create a new incoming webhook application in your WorkflowGen application, click the Add Application button on the Applications page. Then, choose Incoming webhook from the Application type drop-down list, enter the Name and Description, and click Save.
The Applications page will now display your incoming webhook application information, including the application URL. This is the URL you should use to send WorkflowGen incoming webhooks. The last component of this URL corresponds to a token that WorkflowGen will use to identify your incoming webhooks.
You should fill in the Impersonate username textbox with the WorkflowGen username you use to perform your desired operations. Be aware that your impersonated user must have your asked-operation-required rights to complete the action; if not, you will receive a security error on your response payload. As well, if the impersonate username is not set, the workflow engine service default identity will be used (as defined in the Security section on the Integration tab in the Configuration Panel).
  • The generated URL and its associated token must remain private and not exposed to end-users in client-side (in JavaScript, for example). You should treat the token with the same level of security as you would a password.
  • If the token used in the incoming webhook URL is missing or invalid, a 404 status code will be returned. If the associated user is invalid, archived, or inactive, a 403 status code will be returned. In both cases, the response will contain a descriptive error message.

Sending data in JSON

The incoming webhook application receives your HTTP POST request payload formatted as a JSON object.
Using the URL provided, you can post HTTP requests from external applications (e.g. Postman) to WorkflowGen in order to execute the available operations in your WorkflowGen application. For operations that require you to provide an object ID, the object ID value can be retrieved by using the GraphQL API. In most cases, object numbers can be used instead of IDs in operation payloads.
In case of an error, you will get a response payload providing error details such as:
{
"error": "Advantys.Workflow.ServiceFacade: CreateRequest error: A process ID or name is required"
}

Curl example

The requests should respect the structure shown in this example, where operation refers to the name of the operation to execute, and args contains the input node that groups all of the request parameters to perform the operation.
To create a new request, the processName parameter is required. The processVersion parameter is optional and is used to find the correct process you want to use to create your request.

Request payload:

curl -u yourusername -X POST -H "Content-Type: application/json" -d '{
"operation": "createRequest",
"args": {
"input": {
"processName": "2_LEVELS_APPROVAL",
"processVersion": 1
}
}
}' http://localhost/wfgen/hooks/yourtoken

Response payload:

The response payload will be structured as follows:
{
"clientMutationId": null,
"requestId": "UmVxdWVzdDoxNzI4",
"number": 10,
"onBehalfOf": null,
"onBehalfOfUserName": null
}

Parameters

Parameter
Description
processName
Process name (required)
processVersion
Process version, used to find the correct process you want to use to create the request
clientMutationId
This parameter will be null if the request creator did not define it in the request payload
requestId
ID of newly created request
number
Number of newly created request
onBehalfOf
This parameter contains the delegator ID; however, if the request was not created in delegation mode, its value will be null
onBehalfOfUserName
This parameter contains the delegator username; however, if the request was not created in delegation mode, its value will be null

OpenAPI v2 endpoints

As of version 7.17.0, incoming webhooks now offer a new endpoint that supports the OpenAPI v2 specification for operation definitions and another endpoint for operation execution. This allows for seamless integration with other OpenAPI-ready solutions such as Swagger, Microsoft Flow, Azure Logic Apps and Postman.

Webhook operation definitions

Use this endpoint to retrieve webhook operation definitions based on the OpenAPI v2 specification (in JSON format).
URI: /wfgen/hooks/openapi/v2

Webhook operation execution

Use this endpoint to execute a webhook operation using HTTP POST, replacing :operation with the name of the incoming webhook operation (e.g. createRequest).
URI: /wfgen/hooks/operations/:operation

Required parameters

  • :operation: Name of the incoming webhook operation defined in the URI ✏️ Note: The operation name is not required inside the request payload.
  • x-wfgen-hooktoken: Webhook token value specified in the HTTP request header, which is the same token value as used in a classic incoming webhooks URL
  • Properties with an asterisk * next to their name
Other required or optional parameters specific to the webhook operation might be needed.

Request operations

Create a new request

To create a new request from the webhooks API, make sure that sub-process mode is enabled with public access on the target process. (See the Process form section in the WorkflowGen Administration Guide for more information.)

Request payload:

{
"operation": "createRequest",
"args": {
"input": {
"processName": "2_LEVELS_APPROVAL",
"processVersion": 1
}
}
}

Response payload:

{
"clientMutationId": null,
"requestId": "UmVxdWVzdDoxNzI4",
"number": 1728,
"onBehalfOf": null,
"onBehalfOfUserName": null
}
A parameter's array can be included in the createRequest operation payload. Be aware that a data with the same name and data type must previously exist in the process for each parameter in the array to store the parameter's value. The following example shows how to send parameters corresponding to the four supported data types (TEXT, NUMERIC, DATETIME, and FILE).

Request payload:

{
"operation": "createRequest",
"args": {
"input": {
"processName": "2_LEVELS_APPROVAL",
"processVersion": 1,
"parameters": [
{
"name": "TEXT",
"textValue": "My text parameter"
},
{
"name": "NUMERIC",
"numericValue": 5
},
{
"name": "DATE",
"dateTimeValue": "2017-02-23T20:46:00Z"
},
{
"name": "FILE",
"fileValue": {
"name": "TestFile.txt",
"contentType": "text/plain",
"size": 616,
"url": "file:///c:/TestFile.txt",
"updatedAt": "2017-02-21T15:06:38Z"
}
}
]
}
}
}

Response payload:

{
"clientMutationId": null,
"requestId": "UmVxdWVzdDoxNzY1",
"number": 1765,
"onBehalfOf": null,
"onBehalfOfUserName": null
}

Properties

Property
Type
Description
clientMutationId
String
Client mutation identifier
processId
Base64-encoded string
Process identifier with the pattern [Process:1] where 1 is the process identifier from the database
processName
String
Process name
processVersion
Int
Process version, used to find the correct process you want to use to create the request
isTest
Boolean
Indicates if the process is in test
parameters
Array
Array of parameters (see Parameter definitions)
onBehalfOf
Base64-encoded string
User identifier that is used by the user to perform the mutation on behalf of another person, with the pattern [User:1] where 1 is the user identifier from the database

Update a request dataset

A request dataset context can be updated by adding a parameter array. In this case a request number or a request ID should be provided.
This operation requires users to have system access to perform it. This can be configured in the System operations allowed users field under Security on the Integration tab in the Configuration Panel.

Request payloads:

{
"operation": "updateRequestDataset",
"args": {
"input": {
"number": 1750,
"parameters": [
{
"name": "NEW_PARAMETER",
"textValue": "My parameter"
}
]
}
}
}
{
"operation": "updateRequestDataset",
"args": {
"input": {
"id": "UmVxdWVzdDoxMDAw",
"parameters": [
{
"name": "NEW_PARAMETER",
"textValue": "My parameter"
}
]
}
}
}

Response payload:

{
"clientMutationId": null,
"requestId": "UmVxdWVzdDoxNzIx",
"parameters": [
{
"name": "NEW_PARAMETER",
"textValue": "My parameter"
}
]
}
For more information on FILE parameter manipulations when sent within incoming webhook payloads, see the File upload section.

Properties

Property
Type
Description
clientMutationId
String
Client mutation identifier
id
Base64-encoded string
Request identifier with the pattern [Request:1] where 1 is the request identifier from the database
number
Int
Request number
parameters
Array
Array of parameters (see Parameter definitions)

Cancel a request

You can cancel a request by using the request number or the request ID.

Request payloads:

{
"operation": "cancelRequest",
"args": {
"input": {
"number": 1728
}
}
}
{
"operation": "cancelRequest",
"args": {
"input": {
"id": "UmVxdWVzdDoxNzI4"
}
}
}

Response payload:

{
"clientMutationId": null,
"requestId": "UmVxdWVzdDoxNzI4",
"number": 1728,
"onBehalfOf": null,
"onBehalfOfUserName": null
}

Properties

Property
Type
Description
clientMutationId
String
Client mutation identifier
id
Base64-encoded string
Request identifier with the pattern [Request:1] where 1 is the request identifier from the database
number
Int
Request number
notifyParticipant
Boolean
Indicates if participant members have to be notified
onBehalfOf
Base64-encoded string
User identifier that is used by the user to perform the mutation on behalf of another person, with the pattern [User:1] where 1 is the user identifier from the database

Delete a request

A request can be deleted by using the request number or the request ID.

Request payloads:

{
"operation": "deleteRequest",
"args": {
"input": {
"number": 1728
}
}
}
{
"operation": "deleteRequest",
"args": {
"input": {
"id": "UmVxdWVzdDoxNzI4"
}
}
}

Response payload:

{
"clientMutationId": null
}

Properties

Property
Type
Description
clientMutationId
String
Client mutation identifier
id
Base64-encoded string
Request identifier with the pattern [Request:1] where 1 is the request identifier from the database
number
Int
Request number

Action operations

Complete an action

To complete an action, provide the request number and the action number, or the action ID.

Request payloads:

{
"operation": "completeAction",
"args": {
"input": {
"requestNumber": 1765,
"number": 1,
"parameters": [
{
"name": "NEW_PARAMETER",
"textValue": "My parameter"
}
]
}
}
}
{
"operation": "completeAction",
"args": {
"input": {
"id": "QWN0aW9uOjE3NTktLS0x"
}
}
}

Response payload:

{
"clientMutationId": null,
"actionId": "QWN0aW9uOjE3NTktLS0x",
"number": 1,
"requestNumber": 1759,
"onBehalfOf": null,
"onBehalfOfUserName": null
}
To complete an action, a parameter array can be included in the request payload arguments.

Request payload:

{
"operation": "completeAction",
"args": {
"input": {
"requestNumber": 1765,
"number": 1,
"parameters": [
{
"name": "NEW_PARAMETER",
"direction": "IN",
"type": "TEXT",
"textValue": "My parameter"
}
]
}
}
}

Response payload:

{
"clientMutationId": null,
"actionId": "QWN0aW9uOjE3NjUtLS0x",
"number": 1,
"requestNumber": 1765,
"onBehalfOf": null,
"onBehalfOfUserName": null
}

Properties

Property
Type
Description
clientMutationId
String
Client mutation identifier
id
Base64-encoded string
Action identifier with the pattern [Action:1---2] where 1 is the request identifier from the database and 2 is the action identifier from the database
requestNumber
Int
Request number
number
Int
Action number
activityName
String
Activity name
parameters
Array
Array of parameters (see Parameter definitions)
onBehalfOf
Base64-encoded string
User identifier that is used by the user to perform the mutation on behalf of another person, with the pattern [User:1] where 1 is the user identifier from the database

Complete a form action

Request payload:

{
"operation": "completeFormAction",
"args": {
"input": {
"requestNumber": 1765,
"number": 1,
"parameters": [
{
"name": "NEW_PARAMETER",
"textValue": "My parameter"
}
]
}
}
}

Response payload:

{
"clientMutationId": null,
"actionId": "QWN0aW9uOjE3NjUtLS0x",
"number": 1,
"requestNumber": 1765,
"onBehalfOf": null,
"onBehalfOfUserName": null
}

Properties

Property
Type
Description
clientMutationId
String
Client mutation identifier
id
Base64-encoded string
Action identifier with the pattern [Action:1---2] where 1 is the request identifier from the database and 2 is the action identifier from the database
requestNumber
Int
Request number
number
Int
Action number
activityName
String
Activity name
parameters
Array
Array of parameters (see Parameter definitions)
onBehalfOf
Base64-encoded string
User identifier used by the user to perform the mutation on behalf of another person with the pattern [User:1] where 1 is the user identifier from the database

Cancel an action

To cancel an action, provide the request number and the action number, or the action ID. The following conditions must be met:
  • The viewer and the user (if they don't share the same identity, as in delegation mode) must have access to the request.
  • The action must be open.
  • The action must have a cancel or default exception defined in the transition.
  • The viewer is:
    • an administrator or process folder manager OR
    • a supervisor with cancellation rights OR
    • the action assignee.

Request payloads:

{
"operation": "cancelAction",
"args": {
"input": {
"requestNumber": 1759,
"number": 2
}
}
}
{
"operation": "cancelAction",
"args": {
"input": {
"id": "QWN0aW9uOjEwMDAtLS0x"
}
}
}

Response payload:

{
"clientMutationId": null,
"actionId": "QWN0aW9uOjE3NTktLS0y",
"number": 2,
"requestNumber": 1759,
"onBehalfOf": null,
"onBehalfOfUserName": null
}

Properties

Property
Type
Description
clientMutationId
String
Client mutation identifier
id
Base64-encoded string
Action identifier with the pattern [Action:1---2] where 1 is the request identifier from the database and 2 is the action identifier from the database
requestNumber
Int
Request number
number
Int
Action number
type
String
Cancellation type:
  • CANCEL: Cancellation exception
  • ERROR: Error exception
exception: {
message*,
source
}
Object {
String, String }
Exception:
  • Exception message
  • Exception source
onBehalfOf
Base64-encoded string
User identifier used by the user to perform the mutation on behalf of another person with the pattern [User:1] where 1 is the user identifier from the database

Cancel a request's actions by name

All of the actions with the same name in a request can be cancelled at the same time by using their name in this operation payload. The following conditions are met:
  • The viewer and the user (if they do not share the same identity, as in delegation mode) must have access to the request.
  • The action must be open.
  • The action must have a cancel or default exception defined in the transition.
  • The viewer is:
    • an administrator or a process folder manager OR
    • a supervisor with cancellation rights OR
    • the action assignee.

Request payload:

{
"operation": "cancelRequestActionsByName",
"args": {
"input": {
"requestNumber": 4399,
"activityName": "Initiates"
}
}
}

Response payload:

{
"clientMutationId": null,
"actionIds": [
"QWN0aW9uOjQzOTktLS0x",
"QWN0aW9uOjQzOTktLS0y",
"QWN0aW9uOjQzOTktLS0z"
],
"onBehalfOf": null,
"onBehalfOfUserName": null
}

Properties

Property
Type
Description
clientMutationId
String
Client mutation identifier
requestNumber
Int
Request number
activityName*
String
Activity name
type
String
Cancellation type:
  • CANCEL: Cancellation exception
  • ERROR: Error exception
exception: {
message*,
source
}
Object {
String, String }
Exception:
  • Exception message
  • Exception source
onBehalfOf
Base64-encoded string
User identifier used by the user to perform the mutation on behalf of another person with the pattern [User:1] where 1 is the user identifier from the database

Assign an action

To assign an action, provide the request number and the action number, or the action ID; you must also provide the assigneeUserName or the assigneeId.

Request payloads:

{
"operation": "assignAction",
"args": {
"input": {
"requestNumber": 1751,
"number": 2,
"assigneeUserName": "johnsmith"
}
}
}
{
"operation": "assignAction",
"args": {
"input": {
"id": "QWN0aW9uOjEwMDAtLS0x",
"assigneeId": "QXNzaWduZWU6MQ=="
}
}
}

Response payload:

{
"clientMutationId": null,
"actionId": "QWN0aW9uOjE3NTEtLS0y",
"number": 2,
"requestNumber": 1751,
"onBehalfOf": null,
"onBehalfOfUserName": null
}

Properties

Property
Type
Description
clientMutationId
String
Client mutation identifier
id
Base64-encoded string
Action identifier with the pattern [Action:1---2] where 1 is the request identifier from the database and 2 is the action identifier from the database
assigneeId*
Base64-encoded string
User identifier of the person assigned to the action with the pattern [User:1] where 1 is the user identifier from the database
requestNumber
Int
Request number
number
Int
Action number
onBehalfOf
Base64-encoded string
User identifier used by the user to perform the mutation on behalf of another person with the pattern [User:1] where 1 is the user identifier from the database

Cancel an action assignment

To cancel an action assignment, you should provide the request number and the action number, or the action ID.

Request payloads:

{
"operation": "cancelActionAssignment",
"args": {
"input": {
"requestNumber": 1751,
"number": 2
}
}
}
{
"operation": "cancelActionAssignment",
"args": {
"input": {
"id": "QWN0aW9uOjEwMDAtLS0x"
}
}
}

Response payload:

{
"clientMutationId": null,
"actionId": "QWN0aW9uOjE3NTEtLS0y",
"number": 2,
"requestNumber": 1751,
"onBehalfOf": null,
"onBehalfOfUserName": null
}

Properties

Property