We have the following setup: ✅ Okta is used for authentication, but it supports only the Authorization Code flow (we do not have Client Credentials flow enabled). ✅ For machine-to-machine authentication, we are using AWS Cognito. Here are our questions:1. How can we start a K2 workflow on an event? The event might be: Headless (no user context) Or triggered by a user based on certain conditions by external system or nintex 🔍 How should we authenticate these requests securely in both cases (Okta /Cognito)? ✅ Which OAuth flow is recommended for headless service calls? 2. How can we make secure outbound API calls from SmartObjects? Some API calls are triggered by SmartObjects that are: Invoked headlessly Or invoked as part of a user action 🔍 How do we securely authenticate those outbound calls, especially when tokens must reflect a user’s identity? 🔒 Is there a way to pass the user's identity token in SmartObject calls? 3. How can we update a workflow step from an external system with user identity? We want to update a workflow step (e.g., approval) via a REST API call from an external system This call needs to include the SSO token of the user who approved it (from another system) 🔍 Is it possible to: Use an SSO token from an external identity provider (e.g., Okta or Cognito) And map that user identity in K2 when calling the update step API?

Nintex Community Menu Bar

Question

Authentication for outbound and inbound apis

8 days ago
April 14, 2025
0 replies
19 views
Translate

shafi
Rookie

We have the following setup:

✅ Okta is used for authentication, but it supports only the Authorization Code flow (we do not have Client Credentials flow enabled).
✅ For machine-to-machine authentication, we are using AWS Cognito.

Here are our questions:

1. How can we start a K2 workflow on an event?

The event might be:
- Headless (no user context)
- Or triggered by a user based on certain conditions by external system or nintex
🔍 How should we authenticate these requests securely in both cases (Okta /Cognito)?
✅ Which OAuth flow is recommended for headless service calls?

2. How can we make secure outbound API calls from SmartObjects?

Some API calls are triggered by SmartObjects that are:
- Invoked headlessly
- Or invoked as part of a user action
🔍 How do we securely authenticate those outbound calls, especially when tokens must reflect a user’s identity?
🔒 Is there a way to pass the user's identity token in SmartObject calls?

3. How can we update a workflow step from an external system with user identity?

We want to update a workflow step (e.g., approval) via a REST API call from an external system
This call needs to include the SSO token of the user who approved it (from another system)
🔍 Is it possible to:
- Use an SSO token from an external identity provider (e.g., Okta or Cognito)
- And map that user identity in K2 when calling the update step API?

Did this topic help you find an answer to your question?

Be the first to reply!

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

1. How can we start a K2 workflow on an event?

2. How can we make secure outbound API calls from SmartObjects?

3. How can we update a workflow step from an external system with user identity?

Reply

Sign up

Log in with SSO

Login to the community

Log in with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings