OAuth2
WorkfloPlus uses OAuth2 exclusively*1 for authentication across all of its APIs.
More detail on the approaches and advantages that make OAuth2 a very good option for authentication can be found online, the primary source being the IETF's own memo.
A developer or systems integrator working on an integration to WorkfloPlus will need to follow a two-stage process in order to access WorkfloPlus APIs:
- Request or load a token
- Make a request to an API using that token
1. Accessing a token
Tokens can be requested from the Identity Server; to obtain a token you must provide valid credentials. Once signed in to WorkfloPlus you can request a token from the developer tools page. However, manually requesting a token is not a useful approach for enabling an integration: you will want your integration to be able to request tokens from an API as they are needed.
The good news is that that API exists. However, for security reasons you cannot practicably access that API using your user credentials. Instead, the recommended approach is to create a machine-to-machine (M2M) client. These clients are very similar to a user: they are enabled with one or more permissions that define what they are and aren't allowed to do. However, whilst a user in WorkfloPlus represents a person, an M2M client represents a tool/product/integration that is permitted to interface with WorkfloPlus.
2. Make an API Request
Once you have either generated a new token or loaded an existing token, you'll need to include it in your request within a header of the form:
{
"Authorization": "Bearer {token}"
}
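The two steps above, as an added example that is not WorkfloPlus's own code: a small cache that requests a token only when the current one is missing or about to expire, then builds the Authorization header. It assumes the M2M client uses the standard OAuth2 client-credentials grant (RFC 6749, section 4.4); TOKEN_URL is a placeholder, and the names fetch_token and TokenCache are hypothetical.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder: substitute the token endpoint of your WorkfloPlus Identity Server.
TOKEN_URL = "https://identity.example.invalid/token"


def fetch_token(client_id, client_secret, token_url=TOKEN_URL):
    """Client-credentials token request (assumed grant); returns the JSON reply."""
    quote = urllib.parse.quote_plus
    basic = base64.b64encode(f"{quote(client_id)}:{quote(client_secret)}".encode())
    request = urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        headers={"Authorization": "Basic " + basic.decode(),
                 "Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


class TokenCache:
    """Hands out a bearer token, fetching a new one only when needed."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch = fetch      # zero-argument callable returning a token reply
        self._skew = skew        # renew this many seconds before expiry
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._fetch()
            if str(reply.get("token_type", "")).lower() != "bearer" \
                    or not reply.get("access_token"):
                raise ValueError("token reply is not a usable bearer token")
            # A reply without expires_in is treated as not cacheable.
            lifetime = max(0, int(reply.get("expires_in", 0)) - self._skew)
            self._token = reply["access_token"]
            self._expires_at = self._clock() + lifetime
        return self._token

    def headers(self):
        """Header for step 2; never log this value or the client secret."""
        return {"Authorization": f"Bearer {self.token()}"}
```

In an integration, construct the cache with a callable that calls fetch_token using the M2M client ID and secret read from a secret store or environment variable rather than from source code.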
Footnotes
*1 With the exception of the Query API; more information can be found in the Query API section.