
User defined API

Hi all!

I am trying out the new user defined API in 2025 R2.

I have a client application with application context and added the scope App.UserDefAPI.ReadWrite.All (according to documentation this is necessary to get access to endpoint with automation).

In addition the REST API client is application admin, can start new workflows and so on...

What I am trying to do is a POST to an automation endpoint, which starts another workflow in its automation (very simple).

But all I am getting is, regardless of what I do:

{
"description": "Invalid scopes",
"guid": "48078ebb-424f-4a0f-9a27-7e67e408e148"
}

The guid cannot be found in designer studio, there is also no automation log.

Remark: The endpoint with a datasource works fine.

Did I miss something, or is this a bug?

Thanks a lot in advance, Nik

MVP

Hi Nikolaus,
I've checked how it works in our environment (version 2025.2.1.35).

First of all, I've created a test API definition as seen in the screenshots, a simple example - just starting a new empty workflow.
An important thing was to check the Authorization mode, documented here (without it I was getting permission errors):
* https://docs.webcon.com/docs/2025R2/Studio/Process/APIDefinition#5-authentication-mode

The second part is the API client/secret - I'm using a full access token for development purposes, but to test the scopes I'm specifying those in the authorization requests.
Make sure that you've saved those scopes as allowed for the specific application, so that you are requesting a scope you can actually get.

Now testing, using curl it goes like that:

1. We log in as the application:
curl -X 'POST' \
'https://webcondevelopment/api/oauth2/token' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&client_id={your_client_here}&client_secret={your_secret_here}&scope=App.UserDefAPI.ReadWrite.All'

2. Using returned access_token we can now try to execute the action:
curl -X 'POST' \
'https://webcondevelopment/api/udef/db/1/test' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {access_token}' \
-d '{}'

From a permission perspective, I gave permissions on the application level and on the process level.

When the error says Invalid scopes, I would check three times whether those are properly defined on both ends - WEBCON and the application/script executing the API call. It looks like it's the first thing that WEBCON checks before it proceeds to do anything else.
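
A check that can sit between the two curl steps above, added here as an example (not part of the reply and not WEBCON code): it compares the scopes the token endpoint granted against the scope named in the thread. It assumes a standard OAuth 2.0 token response (RFC 6749) and, as a fallback only, that the access token may be a JWT with a `scope` or `scp` claim; the sample responses and the helper `fake_jwt` are constructed.

```python
import base64
import json

REQUIRED = {"App.UserDefAPI.ReadWrite.All"}  # scope named in the thread

def jwt_claims(token):
    """Payload of a JWT-shaped token, or None if the token is opaque."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None

def granted_scopes(requested, token_response):
    """Scopes the server actually granted for this token."""
    if "scope" in token_response:  # RFC 6749 section 5.1
        return set(token_response["scope"].split())
    claims = jwt_claims(token_response.get("access_token", "")) or {}
    for key in ("scope", "scp"):  # assumption: claim names vary by server
        if key in claims:
            value = claims[key]
            return set(value.split() if isinstance(value, str) else value)
    return set(requested)  # field omitted: granted scope equals requested scope

def missing_scopes(requested, token_response, required=REQUIRED):
    """Required scopes that are absent from the grant (empty list = OK)."""
    return sorted(set(required) - granted_scopes(requested, token_response))

def fake_jwt(claims):
    """Constructed, unsigned JWT-shaped string for the samples below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed token responses; "Example.Other.Scope" is a made-up scope name.
SAMPLES = {
    "omitted": {"access_token": "opaque", "token_type": "Bearer"},
    "narrowed": {"access_token": "opaque", "scope": "Example.Other.Scope"},
    "jwt_claim": {"access_token": fake_jwt({"scp": ["Example.Other.Scope"]})},
}

if __name__ == "__main__":
    for name, response in SAMPLES.items():
        print(name, missing_scopes(REQUIRED, response))
```

An empty list only shows that the token carries the scope; the other checks from the reply (scopes allowed for the application in WEBCON, the endpoint's authentication mode, application and process permissions) still apply.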
