Client Certificates are the recommended mechanism for authorizing invokes of Workflows via REST API.
Managing Client Certificates
Access the API Keys Management Pane by clicking on your Site name in the left-hand menu and then choosing API Keys.
+ to generate a new API Key, then choose
New Certificate-based Key
Provides a unique name for the key. When a invoked using a key, the
InitialisationXml Property will indicate the key that was used in the form
Key: your-key-name in the
Keys can be disabled as necessary. Note that it may take up to five minutes for a disabled key to stop working.
Upload the public key of the certificate (
.cer file) you would like to use to authorize API calls.
Once uploaded, the thumbprint of the certificate will be shown.
Select the Workflows that will be permitted to execute against this Key. Note that only Workflows that are bound to a REST template are displayed in this list. Flowgear will only authorize the Key against the selected Workflows.
Providing a Client-side Certificate in an API call
When invoking the Flowgear API, you must provide the client-side certificate that is associated with the appropriate API Key.
On Windows, we recommend that you install the certificate into the certificate store and then access the certificate by its thumbprint. This certificate must then be referenced in the client-side code so that it is used to establish the TLS session.