API Keys are used to authorize invokes of Workflows via REST API

Creating and Managing Keys

Access the API Keys Management Pane by clicking on your Site name in the left-hand menu and then choosing API Keys.

Click + to generate a new API Key.


Provides a unique name for the key. When a invoked using a key, the InitialisationXml Property will indicate the key that was used in the form Key: your-key-name in the Username element.


Contains the generated key. Note that this key is only available when the key is first generated. If this key is lost it will be necessary to delete and re-create the key.


Keys can be disabled as necessary. Note that it may take up to five minutes for a disabled key to stop working.

Permitted Workflows

Select the Workflows that will be permitted to execute against this Key. Note that only Workflows that are bound to a REST template are displayed in this list. Flowgear will only authorize the Key against the selected Workflows.

Specifying a Key in an API call

API Keys can be provided via a querystring or via the Authorization HTTP Header.

Providing a Key in the URL querystring

Append the querystring auth-key to the request URL. For exampe, if you are invoking this Workflow:


Provide the API Key like this:


Providing a Key in the HTTP Authorization Header

Specify the Authorization header like this:

Authorization: Key=your-auth-key 

Did this answer your question?