Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
MajoMartinez
Product and Topic Expert
Product and Topic Expert
2,764
In this third part, you'll learn how to configure a Technical Authentication to trigger Workflow Instances in the Cloud Foundry environment through other applications. This is a team work, big thanks to Javier García for working this out with me 🙂

Find here the previous part of this blog post about deploying a Workflow Project and configuring a Mail Destination for Mail Tasks.

After deploying your Workflow project, go to the Service Keys within your Workflow Service in the Cockpit. Here you’ll find relevant info about your Workflow API Endpoints, URL, clientid, clientsecret, etc.

You can check in your command prompt / terminal the access token with this command:

On Windows:
curl ^-X POST ^<url>/oauth/token?grant_type=client_credentials ^-u "<clientid>:<clientsecret>”

On Mac:
curl \
-X POST \
<url>/oauth/token?grant_type=client_credentials \
-u '<clientid>:<clientsecret>'

Your clientid is your user and your clientsecret is your password to authenticate and get the access token.

To start a Workflow Instance using technical authentication, you must prepare a JSON object (JSON file) that specifies the list of authorizations you want to grant to the OAuth2 client that is provided through the service instance, like:
{ "authorities": [ "WORKFLOW_INSTANCE_START", "MESSAGE_SEND" ] }

In my case I named the file config.json:

What you need to do now is to login to Cloud Foundry via the command prompt/terminal (CLI), point to the folder path where you have that JSON object and send this command line:
cf update-service <your workflow service instance name> -c <yourfile.json>

This is how it looks:

Now you have granted permission to start workflow instances from other applications.

To do it, you must POST the payload you want to send to your workflow endpoint: <workflow_rest_url>/v1/workflow-instances by putting the access token and content-type as application/json in your headers, like this:
URL = “https://api.workflow-sap.cfapps.us10.hana.ondemand.com/workflow-service/rest/v1/workflow-instances”
HEADERS = {'Authorization': “Bearer <access token>”, "Content-Type":"application/json"}

 

This is an example testing it out with Postman, getting the access token using the clientid and clientsecret as my username and password (it works with both: GET / POST):

[Update: check in the comments below an easier way to test it in Postman using OAuth 2.0 type credentials]



And triggering the workflow instance, using the access token as Authorization and posting a simple payload:

 

Here it goes an example of how to set up this configuration in a server app creating a Python function:
def triggerWorkflow():

s = requests.session()

URL = "<url>/oauth/token?grant_type=client_credentials" #you get this url from the Service Key

HEADERS = {'Authorization': "Basic <base64 cliendid and clientsecret credentials>"} #you get these credentials from the Service Key

r = s.get(url=URL,headers=HEADERS)

access_token = r.json()['access_token']
token = "Bearer {}".format(access_token)

URL = "<workflow_rest_url>/v1/workflow-instances" #you get this workflow_rest_url from the Service Key

HEADERS = {'Authorization': token, "Content-Type":"application/json"}

JSON = {
"definitionId": "<your workflow definitionId>",
"context": {
"product": "Camera",
"price": 100
}
}
r = s.post(url=URL,headers=HEADERS, json=JSON)

return r.status_code

 

You can find more info about the Workflow Service in the Cloud Foundry environment in this documentation, and about the Workflow APIs resources here.

In conclusion, you can now trigger Workflow Instances through other applications using a Technical Authentication. This will allow you to integrate your workflow with many other technologies 🙂
9 Comments