All docs This doc
Skip to end of metadata
Go to start of metadata

This section explains how to add a custom workflow to control the API state changes in the API Manager. First see Workflow Extensions for more information on different types of workflow executors. For more details on API states see API Lifecycle.

Configuring the Business Process Server

  1. Download WSO2 Business Process Server.
  2. Set an offset of 2 to the default BPS port in <BPS_HOME>/repository/conf/carbon.xml file. This prevents port conflicts that occur when you start more than one WSO2 product on the same server. Also see Changing the Default Ports with Offset


    Tip: If you change the BPS port offset to a value other than 2 or run the API Manager and BPS on different machines (therefore, want to set the hostname to a different value than localhost), you do the following:

    • Search and replace the value 9765 in all the files (.epr) inside <APIM_HOME>/business-processes folder with the new port (9763 + port offset).
  3. Start the BPS server and log in to its management console (https://<Server Host>:9443+<port offset>/carbon). 

    If you are using Mac OS with High Sierra, you may encounter following warning when login into the Management console due to a compression issue exists in High Sierra SDK.

    WARN {org.owasp.csrfguard.log.JavaLogger} -  potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>,, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)

    To avoid this issue open <BPS_HOME>/repository/conf/tomcat/catalina-server.xml and change the compression="on" to compression="off" in Connector configuration and restart the BPS.

  4. Select Processes > Add > BPMN and upload the <APIM_HOME>/business-processes/api-state-change/ file to BPS.

Configuring the API Manager

  1. Open <APIM_HOME>/repository/conf/api-manager.xml and set in <Enabled> to true in the <WorkflowConfigurations> section.
  2. Change the <ServerUrl> if you have configured the BPS to run on a different port offset.

Engaging the WS Workflow Executor in the API Manager

First, enable the API state change workflow.

  1. Log in to the APIM management console (https://<Server Host>:9443/carbon) and select Browse under Resources.
  2. Go to the /_system/governance/apimgt/applicationdata/workflow-extensions.xml resource, disable the Simple Workflow Executor and enable WS Workflow Executor. 

    	<!-- Publisher related workflows -->
    	<!--<APIStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIStateChangeSimpleWorkflowExecutor" />-->
    	<APIStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIStateChangeWSWorkflowExecutor">
        	<Property name="processDefinitionKey">APIStateChangeApprovalProcess</Property>
        	<Property name="stateList">Created:Publish,Published:Block</Property>   	 

    You have now engaged the API WS Workflow. The default configuration is set for Created to Publish and Published to Block state changes. See Advanced Configurations for information on configuring more state changes. 

  3. Log in to the API Publisher (https://<Server Host>:9443/publisher) and publish an API. See Create and Publish an API. A message related to the publish workflow will be displayed because the workflow is enabled for Created to Publish state change.

    Note that the Save & Publish button will be disabled until the workflow task is completed or deleted.

  4. You can revoke the state change by clicking Delete Task in the Lifecycle tab.

  5. Log in to the Admin Portal (https://<Server Host>:9443/admin) and click API State Change to see the list of tasks awaiting approval. 
    Click Assign to Me to approve the taskSelect Approve and click Complete to resume and complete the API state change.

Configuring the BPS for tenants

  1. Log in to the BPS with the credentials of the tenant. Select Processes > Add > BPMN and upload the <APIM_HOME>/business-processes/api-state-change/ file to BPS.
  2. Copy the <BPS_HOME>/repository/deployment/server/webapps/bpmn.war web app to <BPS_HOME>/wso2bps-3.6.0/repository/tenants/<tenant_id>/webapps
  3. To engage the WS Workflow Executor, log in to the admin console using the credentials of the tenant and repeat step 2 from Engaging the WS Workflow Executor in the API Manager.

Advanced Configurations

Given below are the configurations that can be changed by editing <APIM_HOME>/repository/conf/api-manager.xml


The elements of the above configuration are explained below.

Element name



Enables the Admin Portal to approve state change tasks.


The URL of the BPMN server.


User accessing the BPMN REST API.


Password of the user accessing the BPMN REST API.


The REST API invoked by the BPMN to complete the workflow.


The API call to generate the access token is passed to the BPMN process. Once the access token is received, it is used to call the workflow callback API.


Endpoint to generate OAuth application. This application is used by the BPMN process to generate the token.


Endpoint user.


Endpoint password.

Setting a DCREndPointUser

Create a user with exclusive apim:apiworkflow scope permissions when setting a DCREndPointUser. Please avoid using super admin credentials. If super admin credentioals are used, the created OAuth application will have all the permissions related to scopes in the other REST APIs. Follow the steps below to create a user with apim:apiworkflow scope permissions:

  1. Log in to  APIM management console (https://<Server Host>:9443/carbon) and create a role named workflowCallbackRole. Set create and publisher or subscriber permissions to this role.
  2. Go to Resources and click Browse. Go to /_system/config/apimgt/applicationdata/tenant-conf.json and update the role related to ‘apim:api_workflow’ scope with the newly created role.

            "Name": "apim:api_workflow",
            "Roles": "workflowCallbackRole"
  3. Assign this role to a user.
  4. Update <DCREndPointUser> and <DCREndPointPassword> with this user's credentials.

For more details on how to create users and roles see managing users and roles.

The configurations that can be changed by editing the /_system/governance/apimgt/applicationdata/workflow-extensions.xml are given below.

Simple WorkFlow
<APIStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIStateChangeSimpleWorkflowExecutor" />
WS WorkFlow
<APIStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIStateChangeWSWorkflowExecutor">
   	<Property name="processDefinitionKey">APIStateChangeApprovalProcess</Property>
   	<Property name="stateList">Created:Publish,Published:Block</Property>   	

The elements of the above configuration are explained below.

Element Name





BPMN process definition id.  BPMN process provided with AM as default has ‘APIStateChangeApprovalProcess’ as the id



This is a comma separated list of the current state and intended action. For example, Created:Publish,Published:Block



The URL of the BPMN process engine. This overrides the global <ServerUrl> value from the api-manager.xml file. This can be used to connect a separate workflow engine for a tenant.



Username for the external BPMN process engine. This overrides <ServerUser> defined in the api-manager.xml file for the tenant.



password for the external BPMN process engine. This overrides <ServerPassword> defined in the api-manager.xml file for the tenant.

  • No labels