Using IFS REST Call delegate, we can send a request to a 3rd party endpoint and process the response in the workflow. Due the synchronous call and response handling capabilities, it’s a good alternative to IFS Connect for handling small scale integrations without doing any customizations.
IFS REST Call workflow delegate has a simple implementation and accepts following parameters.
- URLÂ (mandatory) – A HTTP or HTTPS endpoint that will return the desired JSON or XML data to parse
- Method (mandatory) – The Method to use on the endpoint
- Headers (optional) – Any headers that need to be included in the request
- Outputs (optional) – The variable key to put the retrieve data in and the path to the data
- Request Body (optional) – A request body if one is needed
This does not have advanced capabilities such as defining the authentication method but the good thing is, we can implement the authentication inside the workflow by our own. Just keep in mind that HTTP authentication is handled by the Authorization header, where the credentials are sent in the desired format by the server. Either the server accepts basic authentication or or bearer token, we can configure workflow to make the  Authorization header prior to the actual API call, and add with the request.
Basic Authentication
In the basic authentication, server asks for a username and password in a request to authenticate a user in a basic authentication scheme. This information is encoded using base64 encoding.
HTTP header format for basic authentication is: Authorization: Basic [BASE64 encoded username:password]
In the workflow, basic authentication can be created using a Script delegate. Below is a sample Javascript script to cerate the base64 encoded username and password and set to variable varAuthHeader
var Base64 = Java.type("java.util.Base64");
var Username = 'username';
var Password = 'password';
var UserNamePassword = Username + ':' + Password;
var base64 = Base64.getEncoder().encodeToString(UserNamePassword.getBytes());
var AuthHeader = 'Basic ' + base64;
execution.setVariable('varAuthHeader', AuthHeader);
In the IFS REST Call delegate, you can set the basic authentication header as follows
Bearer Token Authentication
With Bearer authentication scheme, client must make a request to an authentication endpoint to get a token prior to making the actual API call. Related to IFS workflows, obtaining the token is another IFS REST call. Following describes the steps of making the token request body, make the request and extract the token from the token response.
This guideline is based on OAuth2 protocol and with the Client Credentials flow. If your API requires other type of authentication, you need to make the token request according the protocol given by the API vendor.
Set Token Body
OAuth2 Authentication request body can be created using a simple Javascript script as below which assigns the request body to varAuthBody variable.
var ClientId = 'YOUR_CLIENT_ID';
var ClientSecret = 'CLIENT_SECRET';
var Scope= 'openid';
var GrantType = 'client_credentials';
var AuthBody = 'client_id=' + ClientId + '&' + 'client_secret=' + ClientSecret + '&' + 'grant_type=' + GrantType + '&' + 'scope=' + Scope;
execution.setVariable('varAuthBody', AuthBody );
Get OAuth2 Token
IFS REST call delegate can be used to send a POST request to the token endpoint to get the bearer token
OAuth2 bearer token is in following format. We can extract the access_token from the response JSON and assign to an output key AuthToken
{
"access_token": "eyJz93a...k4laUWw",
"token_type": "Bearer",
"expires_in": 86400
}Set Authorization Header
We can use the access token received from above step to prepare the Authorization header. For Bearer token, Authorization header is in format Bearer eyJz93a...k4laUWw. We can use a script task of type Javascript to create the authorization header.
var AuthToken = execution.getVariable("AuthToken");
var AuthHeader = 'Bearer ' + AuthToken;
execution.setVariable('varAuthHeader', AuthHeader);
Call the API with Authentication
Create a new IFS REST Call delegate and add a Header named Authorization. Set the content of the header as the varAuthHeader variable which we have created above.
That’s all you need to add authentication for your API call. Hope you find this post useful for the journey with IFS Cloud workflow creation. Please let me know your thoughts in the comments and share if you find it useful!
DSJ's Blog 
Hi,
Thank you very much for this information.
Do you know how I can authenticate to access IFS’s endpoints themselves in said workflows ?
I have a particular use case where I cannot use the IFS API option in BPMN, and I need to use a Rest Call towards my own instance.
Calling the API In the browser works perfectly fine (as long as I’m logged in to the Instance), but in the Workflow, If I don’t authenticate, I’m getting a 401 response.
The IFS API seems to use OpenID Connect for authentication.
<a href="https://https://<mydomain>.ifs.cloud/auth/realms/tghluat1/.well-known/openid-configuration
(where TGHLUAT1 is my system ID for what I’m testing above).
How would I configure the Workflow so that a logged in user can properly get the “token” equivalent so that when the workflow executes, the API replies with actual data and not with an unauthorized code?
Thank you for all your articles, I have a lot of Apps 10 experience and I’m currently learning Cloud for an upcoming migration, this has been extremely helpful 🙂
Regards,
Hi Simon,
I haven’t try to use REST call towards own instance but this should be possible.
You should be able to use the Service User Authentication (Client Credentials Flow) to authenticate with IFS and get an access token to make the REST call.
One thing to keep in mind in this setup is that, the request will be sent as a service user, not the logged in user.
Please check following blog post for more information on how to setup Service User Authentication in IFS Cloud.
Thank you!
This has worked, I followed your above example for OAuth authentication and got it to work exactly as you described 🙂
If that helps anyone coming accross this blog post, here are the notes I made during it for documentation (you’ll see this is based on the very helpful code you provided above):
IFS Rest API Authentication for oAuth:
https://YourDomain.ifs.cloud/auth/realms/YourSystemID/protocol/openid-connect/token
Hope that can help anyone coming accross this wondering the same thing.
Thank you Damith for your excellent blog!
Regards,
Awesome! Now I know it works 😎 Thanks for sharing the steps