Operate Public API (SaaS)

Number of APIs: 21

🚀 Overview

The Operate API is a REST API and provides searching, getting, and changing Operate data. Requests and responses are in JSON notation. Some objects have additional endpoints. For example, process-definitions has an endpoint to get the process-definition as XML representation. In case of errors, Operate API returns an error object.

Take a closer look at Camunda's Operate API (REST) documentation.

A detailed API description is also available as Swagger UI at https://${base-url}/swagger-ui/index.html.

For SaaS: https://${REGION}.operate.camunda.io/${CLUSTER_ID}/swagger-ui/index.html, and for Self-Managed installations: http://localhost:8080/swagger-ui/index.html.

💪 What do you need to make it work?

Authentication

All requests to the Operate API require authentication.

This Qodex collection is configured to automatically handle the authentication process if:

• You are using the SaaS offering of Camunda

• You provide an API client ID and secret

If you're using a Self-Managed instance of Camunda, see the [Operate Public API (Self-Managed) collection] which is better configured for Self-Managed interaction.

1. Configure an API client

To interact with the Operate API programmatically, create client credentials in your cluster's settings under the API tab.

Ensure the API client is granted access to the Operate scope.

After client credentials are created, the Client secret is only shown once. Save this Client secret somewhere safe.

2. Configure a Qodex environment

Enable the Camunda SaaS environment in Qodex. From the Camunda 8 Qodex workspace, click the Environments tab on the left side of the page, mouse over Camunda SaaS, and click the Set active checkmark icon. See the [Qodex documentation] on managing environments for more information.

Configure the Current value of the following variables in the environment:

• authorizationServerUrl - The URL of the authorization server. For the SaaS offering, this is https://login.cloud.camunda.io/oauth/token.

• operateApiAudience - The audience associated with the API client. For the SaaS offering, this is operate.camunda.io.

• operateApiBaseUrl - The base URL of your Operate instance. For the SaaS offering, this is https://${REGION}.operate.camunda.io/${CLUSTER_ID}, and can be captured from your API client connection information in the Camunda 8 Console.

• operateApiClientId - The client ID of the API client you created in the Camunda 8 Console.

• operateApiClientSecret - The client secret of the API client you created in the Camunda 8 Console.

NOTE: When calling the Operate API, you must also set two authentication headers for a successful call: session and csrftoken. Ensure these environment variables are also selected.

With these values configured, a pre-request script defined on the collection will automatically retrieve an access token before each request, and store it in the operateApiBearerToken variable. If you forget to configure any of these variables, requests will show a failed test with an error message indicating the unconfigured variable.

If you prefer to manually manage the access token, configure its value in the operateApiBearerToken variable.

The access token is automatically included in the headers of every request in the collection: Authorization: Bearer {{operateApiBearerToken}}.

3. Make requests to the API

With the environment configured, you can now make requests to the Camunda 8 Operate API. The collection includes a variety of requests to manage processes, instances, variables, and decisions.

See the Camunda 8 documentation for more information on the available endpoints and their usage.

Common issues

No request made, 1/2 tests pass

If it appears no request was made, and the Test Results tab shows a failing test, there is likely misconfigured data. Common issues include:

• No environment selected.

• Unconfigured authorizationServerUrl, operateApiAudience, operateApiBaseUrl, operateApiClientId, or operateApiClientSecret variables.

• Improperly formed access token.

Error message: There was an error in evaluating the Pre-request Script:Error: No data, empty input at 1:1 ^

Additional information can be found in the Qodex console. This error may indicate a problem with credentials, such as an invalid operateApiClientId or operateApiClientSecret.

403 Forbidden response

A 403 Forbidden response may indicate insufficient permissions for the API client. Ensure the client has the necessary scopes and permissions to perform the requested operation.

1. Process definitions - Search for process definitions POST {{baseUrl+ApiVersion}}/process-definitions/search

2. Process definitions - Get process definition by key GET {{baseUrl+ApiVersion}}/process-definitions/:key

3. Process definitions - Get process defintion by key as XML GET {{baseUrl+ApiVersion}}/process-definitions/:key/xml

4. Process instances - Search for process instances POST {{baseUrl+ApiVersion}}/process-instances/search

5. Process instances - Get process instance by key GET {{baseUrl+ApiVersion}}/process-instances/:key

6. Process instances - Delete process instance and dependant data by key DELETE {{baseUrl+ApiVersion}}/process-instances/:key

7. Process instances - Get flow node statistic by process instance id GET {{baseUrl+ApiVersion}}/process-instances/:key/statistics

8. Incidents - Search for incidents POST {{baseUrl+ApiVersion}}/incidents/search

9. Incidents - Get incident by key GET {{baseUrl+ApiVersion}}/incidents/:key

10. Flow node instances - Search for flow node instances POST {{baseUrl+ApiVersion}}/flownode-instances/search