This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Help porting over from Postman to Workato

rharkness
Deputy Chef I
Deputy Chef I

‎07-24-2025 03:06 PM

Using Postman, I have successfully retrived a bearer token and connected to the endpoints provided to me by the client.  
I am not having success taking this functioning logic and recreating it in Workato using the HTTP connector.
What I'm not sure about is whether or not my issue is that the client is using a username/password to authenticate the token endpoint and it appears in order to use a bearer token I must use one of the OATH HTTP options

Anyone have any luck retrieving a bearer token with just an username and password?
This may or may not matter, but the endpoints I'm connecting to require the token to be passed in the header

0 Kudos
14 REPLIES 14

rharkness
Deputy Chef I
Deputy Chef I
In response to Bhagya_pola

‎07-25-2025 12:47 PM

My token appears to expire in 24hrs but I'm using Workato in an embedded environment which is not configured to allow me accerss to create or modify Project properties

0 Kudos

rajeshjanapati
Deputy Chef III
Deputy Chef III
In response to rharkness

‎07-24-2025 10:23 PM - edited ‎07-24-2025 11:11 PM

Hi @rharkness @gary1 

When dealing with sensitive information, we have another approach where the value is not stored in Properties, Lookup Tables, or anywhere else. Instead, it's generated dynamically within the flow whenever it expires.

Please refer to the image below — in place of the Python connector, you can use the HTTP connector. Pay close attention to the step comments for better understanding. Also, make sure to store the access token in a variable so it can be reused in the following steps of the recipe.

Hope this makes sense! If not, feel free to reach out for further discussion.Screenshot 2025-07-25 100123.png

0 Kudos

mppowe
Executive Chef II
Executive Chef II
In response to gary1

‎07-25-2025 07:14 AM

You should totally make an idea for that, if one doesn't exist.  I'd vote for it in a heartbeat

0 Kudos

mppowe
Executive Chef II
Executive Chef II

‎07-25-2025 07:13 AM

I'll add one thought to this thread, b/c I, too, have struggled with this problem in the past.  I've also had to put credentials in a POST body and not been thrilled about it.  But one extra thing you can add to fend off the API Police is to make a new Project meant to store secured assets.  For example, we have a Project called "Recruitment and Admissions", then I made one called "Recruitment and Admissions - Secured".  That's the project I stash recipes like this where I have to expose credentials, and then not everyone is given access to that project.  All the other stuff already mentioned still apply, as far as data masking and such, but at least this way there's some RBAC around the sensitive credentials among the developers.

And @gary1 , you're not a pastry chef, it says you're a Star Chef 😁

shivakumara
Executive Chef III
Executive Chef III

‎07-25-2025 07:23 AM

Hi @rharkness ,

Here's my recommendation for securely handling bearer token authentication using the HTTP connector in Workato:

Recommended Approach

  1. Create an HTTP Connection with Username & Password Authentication

    Use Workato's HTTP connector to create a connection that securely stores and uses your username/password credentials.
    This avoids hardcoding or exposing credentials in recipes.
    This connection can then be reused across multiple actions/recipes.

  2. Use the HTTP Connection in Your Recipes

    When using this connection in your recipe actions, the connector will handle the authentication step using the stored credentials.
    If your Bearer token has an expiration (e.g., 3600 seconds), you can build a logic check before any critical API call to ensure the token is valid.

  3. Separate Token Generation from Business Logic
    It's a best practice to modularize your logic:

    Use a separate function or step early in the recipe to check token validity and regenerate if needed.
    Keep your token generation and API data actions decoupled for easier debugging, better reusability, and improved maintainability.

    Thanks and Regards,
    Shivakumara K A
0 Kudos
Copyright © 2025 Khoros, LLC