A Web service is a technological solution created to integrate information systems, something important in a BPM implementation. In HEFLO, we use the Web Service Connector as an extension of BPM, which allows you to implement message exchanges to:

• Start a process (“catch” operation).
• Consume third-party web services (“throw” operation).

HEFLO uses a modern web services approach based on REST (Representational State Transfer). This strategy is also the lightest and allows for use in integration applications such as Zapier and many other modern apps.

Data exchange

All data transfer between the third-party application and HEFLO must use the JavaScript Object Notation (JSON) format, which is a standard for system development. HEFLO provides user interfaces and facilitators to complete the configuration, and the required technical skills are minimal.

In the web service configuration, there is a facility to map web service parameters to and from work item fields. Here’s an example of setting up a web service that starts a process.

In the case of third-party web services call all parameters are consolidated and sent as follows:

• For GET requests, the system consolidates this data into the QueryString of the URL.
• In the case of POST type calls, the content is generated in JSON format and sent in the ‘Body’ of the request.

Authorization and API keys

You have to provide an application key (API Key) for a third-party application to make a call to a HEFLO web service. This key is obtained from the Environment Management page and you can use the following steps to generate a new one:

1. Go to the Environment Management page.
2. In the “API Keys” region, click the “Add New Key” button.
3. Copy the data presented in the dialog to the program that will make the call.
4. Download the key file and keep it in a safe place.

Once the key is generated, it is kept in our server with irreversible key. This means that it is not possible to remember the password, and if you lose this password you will need to regenerate the key and perform maintenance on all the calling programs maintained by you. So, when generating the key save the text file in a safe place!

The API key can be included in the link or content of the web service message. Remember that all calls will be made with the HTTPS security protocol, and all transmitted data is encrypted.