Getting Started — InstallHub Overview

Prerequisites

A BizFirstGO tenant with at least one workflow or form to export
An API token with installhub:export permission
The IDs of the artifacts you want to include in the package
A REST client (curl, Postman, or any HTTP client)

Step 1 — Find Your Artifact IDs

You need the artifact IDs of the workflows, forms, or apps you want to package. You can find these in the Flow Studio or Atlas Forms URL bar, or by querying the artifact API:

GET /api/processes?tenantId={tenantId}
Authorization: Bearer {your-token}

// Response example:
{
  "items": [
    { "id": "proc-1001", "name": "EmployeeOnboarding", "version": "2.1.0" },
    { "id": "proc-1002", "name": "LeaveApproval",       "version": "1.3.0" }
  ]
}

Step 2 — Call the Export API

POST to the export endpoint with the artifact IDs you want to bundle:

POST /api/installhub/packages/export
Authorization: Bearer {your-token}
Content-Type: application/json

{
  "packageName":    "Employee Onboarding Suite",
  "packageType":    "workflow-package",
  "version":        "1.0.0",
  "description":    "Complete onboarding workflow with employee form",
  "artifactIds": [
    "proc-1001"
  ]
}

// The DependencyResolver will automatically include all artifacts
// that proc-1001 depends on (forms, rules, entity schemas, etc.)

Step 3 — Receive the Bundle

The response returns the export result with the ZIP bytes and manifest:

HTTP 200 OK
Content-Type: application/json

{
  "packageId":    "pkg-a3f9c821-4b2e-...",
  "packageName":  "Employee Onboarding Suite",
  "version":      "1.0.0",
  "checksum":     "sha256:3a9f1c4e...",
  "artifactCount": 4,
  "bundleUrl":    "/api/installhub/packages/pkg-a3f9c821.../download",
  "exportedAt":   "2026-05-25T09:30:00Z",
  "manifest": {
    "artifacts": [
      { "type": "ProcessDefinition", "id": "proc-1001", "name": "EmployeeOnboarding" },
      { "type": "AtlasForm",         "id": "form-2005", "name": "EmployeeForm" },
      { "type": "RuleSet",           "id": "rule-305",  "name": "ApprovalRules" },
      { "type": "EntitySchema",      "id": "ent-44",    "name": "EmployeeSchema" }
    ]
  }
}

Dependencies Auto-Included Notice the response includes 4 artifacts even though you only specified proc-1001. The DependencyResolver automatically discovered the form, rules, and entity schema that the workflow depends on, and included them in the bundle.

Step 4 — Download the ZIP

GET /api/installhub/packages/{packageId}/download
Authorization: Bearer {your-token}

// Response: application/zip stream
// Save as: employee-onboarding-1.0.0.zip

Step 5 — Inspect the Bundle

Unzip the bundle to verify its contents:

employee-onboarding-1.0.0.zip
├── manifest.json
├── README.md
└── artifacts/
    ├── workflows/
    │   └── proc-1001.json
    ├── forms/
    │   └── form-2005.json
    ├── rules/
    │   └── rule-305.json
    └── entities/
        └── ent-44.json

Step 6 — Review Export History

Every export is logged. You can retrieve your export history for audit purposes:

GET /api/installhub/packages/history?tenantId={tenantId}
Authorization: Bearer {your-token}

// Response:
{
  "items": [
    {
      "packageId":    "pkg-a3f9c821-...",
      "packageName":  "Employee Onboarding Suite",
      "version":      "1.0.0",
      "exportedAt":   "2026-05-25T09:30:00Z",
      "exportedBy":   "engineer@company.com",
      "artifactCount": 4,
      "checksum":     "sha256:3a9f1c4e..."
    }
  ]
}

Next Steps

Export System Deep Dive

Learn about artifact selection, dependency graphs, and the full export pipeline.

Guide 2: Export System →

Package Format

Understand the exact ZIP structure, manifest schema, and artifact serialization format.

Guide 3: Package Format →

Security Scanning

Learn what the security scanner checks and how to interpret scan results.

Guide 8: Security Scanning →

← Current Status