Showing results for 
Search instead for 
Did you mean: 

Securing Front End API Requests

Deputy Chef I
Deputy Chef I

Hi all-

Second question of the night! One of the main reasons we purchase Workato and in particular the API platform was to be able to create custom buttons for customers in our front end that would activate Workato recipes. Eventually we will have a proxy system created by our Product team to secure those calls (so in reality they get sent server to server) but we have some pressing customer needs that have to be met before the proxy is available.

Has anyone else creatively solved this issue? The main goal is to keep API keys out of the front end. Thanks in advance for any advice you can share!


Executive Chef I
Executive Chef I


Workato employee
Workato employee

Hi Michael - Would be good to understand the use case and requirements in detail. How would you be authenticating the client request with the proxy?

You could potentially create a proxy API endpoint on API platform and it can then call the actual Workato API endpoint.

API platform support both token based as well as JWT authentication and you can set policies such as IP whitelisting. Not sure if JWT would be an option for authentication for your scenario.

Deputy Chef II
Deputy Chef II

I would love to have "API Proxy" without recipe be handled within Workato API Gateway. 

Similar to Mulesoft Flex Gateway solution (where it is managed by customer and controlled on Mule Anypoint control plane). If Workato comes with innovative way of handling it and keep the product easily consumable without adding too much price tag to it -- will be big market differentiator

This is great feedback @levajar! If you haven't already, please feel free to submit this to our product team here:

Just click Resource Hub at the bottom of the screen, then select Share your Feedback.

Screenshot 2023-04-12 at 9.25.38 AM.png