Exposing Data as an API
How a Flow Studio workflow with a REST trigger becomes a real REST API endpoint — authentication, URL structure, response shaping, and integration with external systems.
Workflows as REST API Endpoints
Every Flow Studio workflow that uses a REST trigger is automatically exposed as an HTTP endpoint through the BizFirstGO API gateway. There is no separate API controller to write — the workflow IS the API endpoint.
The URL pattern for workflow triggers:
-- Synchronous (waits for workflow to complete and returns the result)
POST https://your-bfgo-instance/api/workflows/{workflowId}/trigger
GET https://your-bfgo-instance/api/workflows/{workflowId}/trigger?queryParam=value
-- Asynchronous (fires the workflow and returns an execution ID immediately)
POST https://your-bfgo-instance/api/workflows/{workflowId}/trigger-asyncCRUD API Endpoint Mapping
Map your four CRUD workflows to conventional REST endpoint semantics using HTTP method routing:
| Operation | HTTP Method | URL Pattern | Workflow |
|---|---|---|---|
| Create | POST | /api/workflows/lead-create/trigger | lead-create |
| Get by ID | GET | /api/workflows/lead-read/trigger?leadId={id} | lead-read |
| List | GET | /api/workflows/lead-list/trigger?status=&offset=&pageSize= | lead-list |
| Update | POST | /api/workflows/lead-update/trigger (body: leadId + fields) | lead-update |
| Delete | POST | /api/workflows/lead-delete/trigger (body: leadId) | lead-delete |
The workflow trigger endpoint accepts POST by default for all workflow types. For standard REST semantics (GET for reads, PUT for updates, DELETE for deletes), use the workflow alias routing feature in the API gateway to map conventional HTTP verbs to the appropriate workflow triggers.
Authentication
All workflow trigger endpoints require a valid BizFirstGO bearer token:
curl -X POST https://your-bfgo-instance/api/workflows/lead-create/trigger \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"fullName": "Jane Smith",
"email": "jane.smith@acme.com",
"companyName": "Acme Corp",
"source": "Conference",
"status": "New"
}'Token acquisition: Use the BizFirstGO OAuth2 token endpoint. For service-to-service integrations, use the Client Credentials flow (no user interaction required). For user-context API calls, use the Authorization Code flow.
Response Shaping
The workflow's final node determines the API response. Use a Response Formatter Node to shape the output:
// Response Formatter Node configuration
{
"nodeType": "ResponseFormatterNode",
"nodeId": "format-response",
"statusCode": 200,
"body": {
"success": true,
"data": "{{variables.lead}}",
"meta": {
"tenantId": "{{workflow.tenantId}}",
"requestId": "{{workflow.executionId}}"
}
}
}
// Resulting API response:
{
"success": true,
"data": {
"leadId": "550e8400-e29b-41d4-a716-446655440000",
"fullName": "Jane Smith",
"email": "jane.smith@acme.com",
"status": "New",
"createdAt": "2026-05-25T10:30:00Z"
},
"meta": {
"tenantId": 42,
"requestId": "exec_abc123"
}
}Error Response Pattern
// Use a Condition Node to check for validation errors or not-found:
// If lead is null → return 404
{
"nodeType": "ResponseFormatterNode",
"nodeId": "not-found-response",
"statusCode": 404,
"body": {
"success": false,
"error": "Lead not found",
"leadId": "{{input.leadId}}"
}
}
// If validation fails → return 400
{
"statusCode": 400,
"body": {
"success": false,
"errors": "{{variables.validationErrors}}"
}
}Rate Limiting and Throttling
Configure rate limiting on workflow trigger endpoints in the API gateway settings:
| Limit Type | Recommended Default | Configuration Location |
|---|---|---|
| Per-tenant rate limit | 1000 req/min | Tenant API quota settings |
| Per-workflow rate limit | 200 req/min | Workflow trigger settings |
| Burst allowance | 50 req/sec | API gateway configuration |