PhixFlow Incoming API

Owned by Anthony George
Last updated: Jul 17, 2024 by Zoe Baldwin
10 min read

Overview

API endpoints can be set up in PhixFlow to enable external systems to make calls to PhixFlow.

API endpoints have a  icon on the Actionflow home screen.

Versions

This functionality has been enhanced between versions 10, 11 and 11.1.1+. Please refer to the relevant section below.

 Version 11.1.1+

Version 11.1.1+

Incoming API Setup

API Endpoint Setup

API endpoints must be made using the specific option on the  Actionflow homepage to ensure a URL is generated and a set of predefined input parameters are configured on the incoming connection point. 

  1. Create a new  API Endpoint on the  Actionflow homepage using the  option  
  2. Set a unique name and provide a useful description
  3. The API Endpoint  Properties will open on the right
    1. In the Basic Settings section, enable Allow Anonymous Connections

      1. This allows anyone with the URL for the API to call it. The audit trail records the system as running performing the API call.

         Adding authorisation is covered on 3.12 API Authentication and Secret Keys.

    2. Copy the URL and save it locally, to be used later when calling the API

      1. Example URL: https://app.phixflow.com/phixflow/api/1/action/MyApp/My%20API/trigger

      2.  Url Structure

        The structure of the URL is as follows:

        https://<<Server Name>>/phixflow/api/1/action/<<Application Name>>/<<Actionflow Name>>/trigger

        parameterdescription
        <<Server Name>>URL of the server e.g. app.phixflow.com
        phixflowthe name of the instance, typically this is phixflow
        <<Application Name>>The name of the application where the Actionflow resides.
        <<Actionflow Name>>The name of the actionflow set in Step 1. Note that if your actionflow has a space in the name this must be replaced with %20. For example "My API" becomes, "My%20API". 


        Note: In version 10, the URL structure differed, this old structure has been deprecated: https://<<Server Name>>/phixflow/api/1/action/<<Actionflow Name>>/trigger 
        Integrations using this old structure should be updated, however the URL structure will still work in version 11.

    3. Set the API Mode:
      1. Wait for result (Synchronous) (Default): The API waits for the results or the timeout to occur
        1. Note: If the timeout occurs the command is aborted
      2. Poll for result (Asynchronous): The API is called and a response is returned immediately including the process ID
        1. Subsequent API calls can be made using the process ID to fetch the status of the action
        2. The asynchronous mode can be thought of as “fire and forget”
    4. Set a Timeout (optional) (available in PhixFlow version 11.2+):

      1. Specify a maximum time in milliseconds that the API will wait for before the command is aborted

      2. When a Timeout value is set, it overrides the default timeout, which is 60 seconds where API Mode is Synchronous and 500 milliseconds where API Mode is Asynchronous

        1. However, if a timeout parameter has been provided in the URL calling this API, that will override both this Timeout value and the default value

  1.  Apply your changes
  2. Configure the Actionflow to perform the required tasks, for example return all company data , or pass in a date and return all companies onboarded after this date
    1. See Worked Example below for an example setup

Input and Output Attributes

 API Endpoints have fixed input attributes (body, headers, contentType and url), and fixed output attributes (body, headers, contentType and statusCode) which can be mapped to.

API Status Check (Poll for Result)

  1. If calling a PhixFlow Asynchronous API only, a result will be immediately returned which includes a Process ID for that run
  2. The Process ID is returned on the path:
    1. $.processId
    2. This can be accessed in an Output attribute using, _result.value
  3. The Process ID can be used to call the following URL which will return the current state of the run:
    1. https://<<Server Name>>/phixflow/api/1/action/<<Application Name>>/<<Actionflow Name>>/poll/<<processID>>

Calling a PhixFlow API

HTTP Method

This is set on the  HTTP action on the Actionflow calling the API.

  1. To call a PhixFlow API use the HTTP Method GET or POST:
    1. GET simply calls the API with data passed in the body of the request
    2. POST calls the URL and sends data in the body of the request. The body data is passed into the body attribute of the API as an Input Connection point

Returned Data JSON Path

If your API has been configured to return data the path will be in the format:

$.data.<<Output Name>> 

Where <<Output Name>> is the Output connection point.

Server Console Responses

The item calling the API endpoint will receive the Response from the API endpoint stating whether it has run successfully (Success) or not (Fail). Responses can be customised to return specific messages.

The response recorded in the  System Console:

If you are making the call using PhixFlow the Responses can be access as follows:

  1. Click the Actionflow entry
  2. In the Messages section which is opened below, double-click the lines that begin Response
  3. Click the Message Details tab to see the response

API Endpoint Results

To see the results of the API Endpoint processing in the  System Console:

  1. Click the Actionflow entry for the API Endpoint
  2. In the Messages section which is opened below, double-click any of the Messages to see more details
  3. If you are using a debug() statement these will appear here

Failures

An API Endpoint will fail if the logic in the Actionflow fails or if the error() function is used to force a failure.

If records are passed to the API Endpoint individually a failure will only impact the specific record being processed.

Error Codes

200

  • Occurs if the output of an API Endpoint is not connected

  • Occurs if the output is connected and a record is returned 

400

  • Occurs if the output is connected but no record is returned 

For a worked example, see 3.11 Setting up an API Endpoint.


 Version 11.0

Version 11

Incoming API Setup

To enable an actionflow as an incoming API, we need to define it as an end point and configure an incoming connection point with a set of predefined input parameters. These settings are described below:

Step 1 - Actionflow Properties

  1. Create an  Actionflow from the Actionflow home page
  2. Set a unique name and provide a useful description
    1. Note if using a pre 10.1 version of PhixFlow the name must be unique across all applications.
  3. When the Actionflow opens, on the toolbar click  Properties
  4. In the API section of the properties, enable API End-Point
    1. This turns the Actionflow into an incoming API.
  5. Enable Allow Anonymous Connections

    1. This allows anyone with the URL for the API to call it, the audit trail records the system as running performing the API call.

    2. Adding authorization is covered later on this page.
  6.  Apply your changes

Step 2 - Input Connection Point Input Parameters

Incoming APIs require a specific set of Input Parameters on the connection point.

  1. Click on the Connection Point In
  2. In the Properties that open, in the Input Parameters section add the following attributes, the names are case sensitive:
NameTypeDescription
bodyStringprovides the information sent in the body of the API call.
contentTypeStringProvides details of the Content Type
headersStringProvides the information sent in the API call header.
urlStringProvides the complete URL that was used to call the API. This can be used to pass parameters to the API.  

 Apply your changes

Step 3 - Configure your Actionflow

  1. Configure the Actionflow to perform the required tasks, for example return all company data , or pass in a date and return all companies onboarded after this date.
  2. If you wish to return data from the API, 
    1. Add a new Connection of type Output
      1. The name of the Output Connection Point will be used to retrieve the data as part of the path. This is covered in Calling a PhixFlow API below.
      2. Add the required Output Attributes i.e. the data you wish the API to return.

Calling a PhixFlow API

Step 4 - HTTP Method and API Mode

  1. HTTP Method
    1. To call a PhixFlow API use the HTTP Method GET or POST:
    2. GET simply calls the API with data passed in the body of the request.
    3. POST calls the URL and sends data in the body of the request. The body data is passed into the body attribute of the Actionflow setup above as an Input Connection point. 
  2. API Mode
    1. Wait for result (Synchronous) (Default): The API waits for the results or the timeout to occur. Note: If the timeout occurs the command is aborted.
    2. Poll for result (Asynchronous): The API is called and a response is returned immediately including the process ID. Subsequent API calls can be made using the process ID to fetch the status of the action. The asynchronous mode can be thought of as “fire and forget”.

Step 5 - API URL

The API URL can be found in the Actionflow Properties → API Section → URL value

Example URL: https://app.phixflow.com/phixflow/api/1/action/MyApp/My%20API/trigger

 Url Structure

The structure of the URL is as follows:

https://<<Server Name>>/phixflow/api/1/action/<<Application Name>>/<<Actionflow Name>>/trigger

parameterdescription
<<Server Name>>URL of the server e.g. app.phixflow.com
phixflowthe name of the instance, typically this is phixflow
<<Application Name>>The name of the application where the Actionflow resides.
<<Actionflow Name>>The name of the actionflow set in Step 1. Note that if your actionflow has a space in the name this must be replaced with %20. For example "My API" becomes, "My%20API". 


note: In version 10 the url structure differed, this old structure has been deprecated: https://<<Server Name>>/phixflow/api/1/action/<<Actionflow Name>>/trigger 
Integrations using this old structure should be updated, however the url structure will still work in version 11.

Step 5.1 - API Status Check (Poll for Result)

  1. If calling a PhixFlow Asynchronous API only, a result will be immediately returned which includes a Process ID for that run.
  2. The Process ID is returned on the path:
    1. $.processId
    2. This can be accessed in an Output attribute using, _result.value
  3. The Process ID can be used to call the following URL which will return the current state of the run:
    1. https://<<Server Name>>/phixflow/api/1/action/<<Application Name>>/<<Actionflow Name>>/poll/<<processID>>

Step 6 - Returned Data JSON Path

If your API has been configured to return data the path will be in the format:

$.data.<<Output Name>> 

Where <<Output Name>> is the Output connection point setup in step 3.

Adding Authentication

Step 7 - Enable Authentication

  1. Open the Incoming API Actionflow.
  2. On the toolbar click  Properties
  3. In the Basic Settings section of the properties, click Allow Anonymous Connection so that it is disabled, it will appear greyed out.
  4.  Apply the changes

Step 8 - Create an Authentication User

  1. In the  Repository, expand the application with the Incoming API.
  2. Expand  Roles and create an New Role by clicking .
    1. Pin the tab as we will need it to remain open.
    2. Provide a useful Name e.g. GenerateToken
    3. In the Privileges section, click  Privileges
    4. Scroll down to the Full Repository, expand it and search for  the privilege: Use API Key
    5. Drag the Use API Key into the privileges section of the Role.
    7.  Apply the changes
  3. In the  User Groups section, click  User Groups
    1. Add a new Group for your Role.
      1. Give it a useful Name e.g. API Users.
      2. Add any users you require to be able to run the API. This could be a dedicated API user with limited privileges.
        1. To create a user see Managing User Accounts → Creating Users.
      3. In the Roles section, assign the role, User
      4. Click  Apply and close the tab.
    2. Now drag the new user group into the  User Groups section of the new privilege.
    3.  Apply the changes
  4. The setup should look similar to:

Step 9 - Authentication Token KeyStore

A signing key is used to generate the Phixflow API key and this is stored on the server to ensure secure access.

Using the page Configure a Keystore and Aliases, configure phixflow-api-key to be used as the signing key for PhixFlow API Keys in the same way as the pepperKey is configured. This secret string must be a minimum of 32 bytes length.

Step 10 - Generate Authentication Token

  1. The Incoming API will run as a specified user, this means when it is called the audit trail will show the specified user as having performed the Incoming API actionflow
  2. You do not need to login as this user, however, if you were already logged in as this user when performing Step 1 above, you will need to logout and login again to pick up the user group change
  3. In the  Repository, scroll down to the Full Repository section and expand it
  4. Expand the  Users section
  5. Double click on the user who will run the Incoming API
  6. Click the 3-dot more menu in the top right of the user properties
  7. Click Generate API Key
  8. Copy the value displayed and store it somewhere safe

Step 11 - Send Authorization

When calling the Incoming API, the authorisation token must be passed in as a header called: Authorization and referenced in the Expression using the syntax, ${_datasource.KeyName} where KeyName is the name of the Secret Key.

Server Console Responses

The item calling the API End-Point will receive the a Response from the API End-Point stating whether it has run successfully (Success) or not (Fail). Responses can be customised to return specific messages.

The response recorded in the  System Console:

If you are making the call using PhixFlow the Responses can be access as follows:

  1. Click the ActionFlow entry
  2. In the Messages section which is opened below, double-click the lines that begin Response
  3. Click the Message Details tab to see the response.

API End-Point Results

To see the results of the API End-Points processing in the  System Console:

  1. Click the ActionFlow entry for the API End-Point
  2. In the Messages section which is opened below, double-click any of the Messages to see more details
  3. If you are using a debug() statement these will appear here.

Failures

An API End-Point will fail if the logic in the Actionflow fails or if the error() function is used to force a failure.

If records are passed to the API End-Point individually a failure will only impact the specific record being processed.


 Version 10

Version 10

Incoming API Setup

To enable an actionflow as an incoming API, we need to define it as an end point and configure an incoming connection point with a set of predefined input parameters. These settings are described below:

Step 1 - Actionflow Properties

  1. Create an  Actionflow from the Actionflow home page
  2. Set a unique name and provide a useful description
    1. Note the name must be unique across all applications on PhixFlow.
  3. When the Actionflow opens, on the toolbar click  Properties
  4. In the Basic Settings section of the properties, click API End-Point
    1. This turns the Actionflow into an incoming API.
  5. Click Allow Anonymous Connections

    1. This allows anyone with the URL for the API to call it, the audit trail records the system as running performing the API call.

       Adding authorization is covered later on this page.

  6.  Apply your changes

Step 2 - Input Connection Point Input Parameters

Incoming APIs require a specific set of Input Parameters on the connection point.

  1. Click on the Connection Point In
  2. In the Properties that open, in the Input Parameters section add the following attributes, the names are case sensitive:
Name
Type
Description
bodyStringprovides the information sent in the body of the API call.
contentTypeStringProvides details of the Content Type
headersStringProvides the information sent in the API call header.
urlStringProvides the complete URL that was used to call the API. This can be used to pass parameters to the API.  

 3.  Apply your changes

Step 3 - Configure your Actionflow

Configure the actionflow to perform the required tasks.

If you wish to return data from the API, 

  1. Add a new Connection of type Output
    1. The name of the Output Connection Point will be used to retrieve the data as part of the path. This is covered in Calling a PhixFlow API (below).
  2. Add the required Output Attributes

Calling a PhixFlow API

Step 4 - HTTP Method

To call a PhixFlow API use the HTTP Method POST

Step 5 - API URL

The API can be called using a URL which is constructed as follows:

https://<<Server Name>>/phixflow/api/1/action/<<Actionflow Name>>/trigger

parameter
description
<<Server Name>>URL of the server e.g. app.phixflow.com
phixflowthe name of the instance, typically this is phixflow
<<Actionflow Name>>The name of the actionflow set in Step 1. Note that if your actionflow has a space in the name this must be replaced with %20. For example "My API" becomes, "My%20API". 

Example URL

https://app.phixflow.com/phixflow/api/1/action/My%20API/trigger

Step 6 - Returned Data JSON Path

If your API has been configured to return data the path will be in the format:

$.data.<<Output Name>> 

Where <<Output Name>> is the Output connection point setup in step 3.

Adding Authentication

Step 7 - Enable Authentication

  1. Open the Incoming API Actionflow.
  2. On the toolbar click  Properties
  3. In the Basic Settings section of the properties, click Allow Anonymous Connection so that it is disabled, it will appear greyed out.
  4.  Apply the changes

Step 8 - Create an Authentication User

  1. In the  Repository, expand the application with the Incoming API.
  2. Expand  Roles and create an New Role by clicking .
    1. Pin the tab as we will need it to remain open.
    2. Provide a useful Name e.g. GenerateToken
    3. In the Privileges section, click  Privileges
    4. Scroll down to the Full Repository, expand it and search for  the privilege: Use API Key
    5. Drag the Use API Key into the privileges section of the Role.
    7.  Apply the changes
  3. In the  User Groups section, click  User Groups
    1. Add a new Group for you Role.
      1. Give it a useful Name e.g. API Users.
      2. Add any users you require to be able to run the API. This could be a dedicated API user with limited privileges.
        1. To create a user see Managing User Accounts → Creating Users.
      3. In the Roles section, assign the role, User
      4. Click  Apply and close the tab.
    2. Now drag the new user group into the  User Groups section of the new privilege.
    3.  Apply the changes
  4. The setup should look similar to:

Step 9 - Authentication Token KeyStore

A signing key is used to generate the Phixflow API key and this is stored on the server to ensure secure access.

Using the page Configure a Keystore and Aliases, configure phixflow-api-key to be used as the signing key for PhixFlow API Keys in the same way as the pepperKey is configured. This secret string must be a minimum of 32 bytes length.

Step 10 - Generate Authentication Token

  1. The Incoming API will run as a specified user, this means when it is called the audit trail will show the specified user as having performed the Incoming API actionflow
  2. You do not need to login as this user, however, if you were already logged in as this user when performing Step 1 above, you will need to logout and login again to pick up the user group change
  3. In the  Repository, scroll down to the Full Repository section and expand it
  4. Expand the  Users section
  5. Double click on the user who will run the Incoming API
  6. Click the 3-dot more menu in the top right of the user properties
  7. Click Generate API Key
  8. Copy the value displayed and store it somewhere safe

Step 11 - Send Authorization

When calling the Incoming API, the authorisation token must be passed in as a header called: Authorization and referenced in the Expression using the syntax, ${_datasource.KeyName} where KeyName is the name of the Secret Key.

Server Console Responses

The item calling the API End-Point will receive the a Response from the API End-Point stating whether it has run successfully (Success) or not (Fail). Responses can be customised to return specific messages.

The response recorded in the  Console:

If you are making the call using PhixFlow the Responses can be access as follows:

  1. Click the ActionFlow entry
  2. In the Messages section which is opened below, double-click the lines that begin Response
  3. Click the Message Details tab to see the response.

API End-Point Results

To see the results of the API End-Points processing in the  Console:

  1. Click the ActionFlow entry for the API End-Point
  2. In the Messages section which is opened below, double-click any of the Messages to see more details
  3. If you are using a debug() statement these will appear here.

Failures

An API End-Point will fail if the logic in the Actionflow fails or if the error() function is used to force a failure.

If records are passed to the API End-Point individually a failure will only impact the specific record being processed.