- SAP Managed Tags:
Introduction
This Blog gives an introduction to the Advanced Workflow REST APIs and provides guidance on executing them from external applications in the GCP platform.
These APIs can be called from third-party applications to integrate with the Advanced Workflow application seamlessly. The Workflow REST APIs enable users to perform various operations on Workflow objects easily using standard HTTP methods: GET, POST, PUT, and DELETE.
This Blog assumes that you have prior knowledge and experience with the following SAP SPM applications:
- Advanced Workflow
- IAS
You will need to work with your team to get Administration permissions to these 2 applications on your GCP tenant to be able to run the examples explained in this blog.
You will also need to use a REST client to execute the Advanced Workflow REST APIs. The example provided in this document use 'Bruno' as the REST client.
In the old Legacy platform, Workflow REST APIs utilized the Basic Authentication mechanism with standard HTTP headers, meaning no handshakes were required. However, the user performing Workflow API calls needed to have admin rights in the Workflow system.
On the new GCP platform, authentication has been enhanced. All SPM applications, including Advanced Workflow, now use IAS OAuth2 for authentication. The IAS configuration is completed during the Workflow tenant provisioning, where a Client ID is set up which can be used for APIs authentication. This process will be explained in detail in the following sections of this document.
This document explains the following steps:
- Step 1: How to create a new Client Secret in IAS.
- Step 2: How to update the IAS Client ID in Advanced Workflow.
- Step 3: An example of how to call a Workflow REST API from a REST client (Bruno).
Step 1: Create a new Client Secret from IAS Admin Console
Log in to your IAS Admin console and open your Workflow OIDC application, which typically follows the naming convention “WF_OIDC_[TENANT]_App”:
Copy the Client ID shown on “Client Authentication” page:
Click on “Add” to create a new Secret from “Secrets” section on the same “Client Authentication” page:
On the new page, add a description (i.e.: Workflow API Client Secret) and keep the default values:
Click on Save:
After the new Client Secret is created you need to copy both the Client ID and Client Secret as you will need them later.
When this is done, you can proceed to the next step.
Step 2: Update IAS Client ID in Advanced Workflow
Log in to the Incentive Management Portal and navigate to Workflow application:
From Workflow go to Setup > USERS > Users:
From here, select a Workflow Administrator user and update the IAS Client ID field with the Client ID of your Workflow OIDC application from IAS (this is the same value you copied as described in the previous section):
Step 3: Call an Advanced Workflow REST API from a REST client (Bruno)
Now that you have your Client ID and Client Secret, and you’ve configured the IAS Client ID for your Workflow Admin user, you can call the Workflow REST APIs.
Before you begin, ensure you have the following information available:
Field | Example |
Workflow application internal host name | xg3-wf-sbox.workflow.cloud.sap |
IAS host name | [SAPI _IAS_HOSTNAME ].accounts.ondemand.com |
Client ID | dddde129-de6e-47c1-95fc-646b38259a7a |
Client Secret | XXXXXXXXXXXXXXXXXXXXXXXXXXXX |
Tenant | [GCP TENANT] |
First, you need to obtain a JWT access token using your Client ID and Client Secret.
Once you have the token, you can configure Bearer authentication to make calls to the Workflow REST API.
To get the JWT access token, send a POST request to:
https://<sap_ias_hostname>/oauth2/token
You need to use Basic Authorization passing these 2 values:
username | [Client ID] |
Password | [Client Secret] |
With these 2 Header parameters:
grant_type | client_credentials |
Domain | [Tenant] |
Now you can run the authentication REST API from Bruno to get the access token.
Bruno Example:
1. Authorization:
2. Header Params:
3. Response:
After obtaining the Access Token (refer to the previous section), you can use it to call the Workflow REST API. Include the token in your API header using Bearer authentication.
When calling the Workflow REST API you need to use the following Header parameters:
Content-Type | application/json |
domain | [Tenant] |
Authorization | Bearer [Access Token] |
Bruno Example:
For this example, we will call a Workflow REST API to retrieve a case using an existing Case Key by executing the GET cases Workflow REST API.
NOTE: Below you can find a link to the Workflow API documentation, which provides detailed information about all the Workflow REST APIs.
To get a Case using the Case Key you need to execute a GET request to:
https://<advanced_workflow_hostname>/wpm/api/cases/[case_key]
Headers:
Response:
The response of this REST API returns all the information of the case requested.
References:
Advanced Workflow REST API online documentation:
Bruno online documentation:
2 Comments
| User | Count |
|---|---|
| 6 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 |
