The Management API allows Frends to be managed via an API interface. This can be used to automate actions, such as editing Environment variables or deploying Processes.
Note: The Management API authorization is separate from the normal authorization and the operations are currently always executed with full admin privileges. Viewing the Swagger UI is allowed to all users with access to the UI but access to the API methods in Swagger UI is allowed to only users with a role that has the AllowAction ManagementApi.Admin rule in the role configuration.
You can see all supported API operations in the Swagger UI. The swagger URL is created by adding the /swagger suffix to the Frends URL, for example:
More information about how to use the Swagger UI can be found here.
General information and guidelines
The API is designed to be used in a RESTful manner specifying Frends elements to be access by their ids. Some responses provide links, which help to do further requests for the elements contained in the response. Lists use paging or continuation tokens if the data is rapidly changing, e.g. Process instances. In these cases you need to use the continuation token to have a consistent experience enumerating the list.
There is no rate limit currently in place, but you should not spam the API with requests or you will risk having it disabled.
Authentication
Management API uses Bearer Token authentication. The Bearer Token is created for you by the Authentication server that needs to be separately added by contacting Frends support. Currently only Azure Active Directory (AAD) is supported.
Here is a guide for Creating an Azure Active Directory (AAD) application for Management API and how to provide that information to Frends Support.
When a user authenticates your application (client) with authentication server then server generates a Token for you.
Bearer Token authentication is required for the external API tool like Postman.
To acquire a Bearer token you will need to create a request with the following parameters:
โ
For Bearer token authentication, you need the following request
grant_type:client_credentials
client_id:<AAD application id>
client_secret: <AAD application client secret>
resource: api://<AAD application id>
The returned response will contain the Bearer token which will be used either on the Swagger UI or for requests to the UI using providing it as a header:
Authorization: Bearer <bearer token>
Example use of Management API using Postman
The Postman tool can be used to automate API operations through API interface and for testing.
For converting Swagger specification to a Postman Collection use this
In the Swagger UI interface, you can see the documentation URL here:
After converting Swagger documentation to Postman Collection you should see something like this.
On the Postman collection main level, please select Bearer Token authorization type:
The token must be generated in the first request of the Collection.
You need to create a Post Request and use the previously mentioned authentication parameters
The Bearer token is taken from the body of the response message and it is used in all Postman Requests.
For example Create API Ruleset