Showing results for 
Search instead for 
Did you mean: 

Workato Recipe Sharing Security

Workato employee
Workato employee

This is more for workato team. I know we can set up permission so that a recipe is not by default available in the community.

Each recipe by default comes with a sharing URL, which is useful for sharing and for support.

However the URL is open (if you have it), and the string after “st” is not very long. So...I am wondering if there could be some malicious users harvesting the recipes by trying random recipe numeric number and the token.

I know the chance of getting a hit may be low but ... you never know. Can’t underestimate the super computer’s power 😅

I am wondering if this is on workato’s radar? I can see a few options:

Box’s approach:
1. Set up policy to auto expire share links after x days

2. Allow token regeneration ad-hoc

3. Allow manually extending the sharing period

Okta’s approaxh: disable sharing altogether and when workato support needs to get in, grant just in time access globally, or only to the recipe.



Workato employee
Workato employee
Thanks Gordon. Yes, it needs to balance the need for security as well as the ease of sharing with support or other stakeholders.