Skip to content

API

The API Message Source type allows you to receive messages to process via local or public HTTP POST or GET requests. You can also use this Message Source type if you only want to manually execute Automations, without any specific source.

Local API URL

Messages can be posted to ThinkAutomation via a local API URL. Each Message Source has a unique local API URL. You can use this endpoint to post messages within your local network.

See Also: Using The Local API

Public API URL

Messages can also be posted to ThinkAutomation via a public API URL. The Web API provides a secure web public endpoint allowing messages to be posted to ThinkAutomation from your own or 3rd party webhooks. Each Message Source has a unique public API URL. The public Web API Gateway acts as a secure tunnel between web resources and your on-premises or self-hosted ThinkAutomation instance. This allows your ThinkAutomation Server to receive public HTTP requests without being publicly accessible itself.

See Also: Using The Web API

Create Extracted Fields

If you will be receiving Json via HTTP POST or GET requests you can quickly create the required Extract Field actions. Click the Create Fields button and paste a sample of the Json you will be receiving. The required Extract Field actions will then be created in your Automation.

Advanced Settings

These settings are optional.

Security

Allowed Methods

By default the API Message Source will accept both HTTP POST and GET requests. You can limit to POST or GET only.

Require Authentication

By default, callers to the API endpoint do not need to supply any authentication. You can require the caller to provide authentication. This can be an API Key, a Bearer Key or Basic Authentication.

For API Key authentication you specify the header name and value. The caller must add the required header to their requests.

For Bearer Key authentication the caller must add an 'Auth' header with the value Bearer: {value}.

For Basic authentication the caller must add an 'Auth' header with the value Basic: {base64encoded username:password}.

Any request with invalid authentication will be refused with a 401 Unauthorized response.

Allowed Origins

Specify the website URLs that are permitted to send requests to the public API endpoint. These domains will be used to validate the Origin header of incoming requests. Leave this field blank if you want to allow requests from any domain.

Enter full URLs (e.g., https://www.example.com). Multiple entries may be separated by commas.

If the Reject If Origin Header Is Blank option is enabled, requests will be rejected when no Origin header is present. This is an additional security control to prevent automated or same-site submissions that do not supply origin information.

Disable Public

You can explicitly disable the Message Source from receiving public API requests by enabling this option. Any requests to the Public API endpoint will then receive a 404 response.

Friendly Path

By default the URL path for the Message Source will be /addmessage followed by ?taid={uniquekey}. You can change this to a more friendly path, such as /mycompany/customers/add. The path must be unique. ThinkAutomation will check that the path is valid and unique before saving.