Workato

Name: QuantaSeal
Brand: QuantaSeal
Price: 69 AUD

Integration Platform

system_type: "workato"

Proxy Workato Automation API calls for recipe management, job monitoring, and connection health checks.

Overview#

The Workato connector proxies Workato REST API calls for managing recipes, monitoring job executions, and listing connections. API tokens are sealed in QuantaVault. Supports multi-cluster deployments across US, EU, SG, JP, and AU regions.

Base URL: https://api.quantaseal.io/api/v2/proxy/outbound
Auth header: X-API-Key: qs_live_…

Prerequisites#

1A Workato account with API access (Professional plan or higher)
2A Workato API token from Settings → API tokens → Generate API token
3Your Workato cluster URL (US: www.workato.com, EU: app.eu.workato.com, etc.)

Configuration#

Follow these steps to connect Workato to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

1
In Workato, go to Account Settings → API tokens → Generate API token.
2
Select the scope: Full access or read-only.
3
Seal: POST /api/v2/vault/seal with credential_type: api_key.
4
Create integration: POST /api/v2/integrations with system_type: workato, config: {base_url: 'https://www.workato.com/api'}.

Authentication Types#

Seal the Workato API token as api_key. The default base URL is https://www.workato.com/api.

API Key

All credential types are sealed in QuantaVault with ML-KEM-768 + AES-256-GCM and wrapped by your tenant AWS KMS CMK before storage. See the Vault API reference for the full list of credential types and seal/unseal endpoints.

Available Operations#

QuantaSeal enforces a default-deny operation policy. Only operations listed in your integration's allowed_operations array will be permitted. Add operations when creating or updating the integration.

Operation	Description
`list_recipes`	List all recipes in the account.
`get_recipe`	Get details of a specific recipe.
`start_recipe`	Enable (start) a recipe.
`stop_recipe`	Disable (stop) a recipe.
`list_jobs`	List recent job executions.
`list_connections`	List all configured connections.

Code Example#

Every proxy call returns a HybridCryptoEnvelope - the response is ML-KEM-768 key-encapsulated, AES-256-GCM encrypted, and signed with ML-DSA-65 + HMAC-SHA-512. Verify both signatures before trusting the decrypted payload.

bashCopy

curl -X POST https://api.quantaseal.io/api/v2/proxy/outbound \
  -H "X-API-Key: qs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "integration_id": "int_WORKATO001",
    "operation": "list_recipes",
    "payload": {"active": true, "page": 1, "per_page": 20}
  }'

Decrypt the response using the QuantaSeal SDK: client.encryption.decrypt(envelope). Both the ML-DSA-65 signature and the HMAC-SHA-512 signature must pass - QuantaSeal uses a bitwise & check, not short-circuit and.

Troubleshooting#

401 - Token not recognised

Workato API tokens are account-scoped. If the account was migrated to a different cluster (e.g. EU), update the base_url config and rotate the token.

Recipe returns 404

Recipes may have been deleted or moved to a different folder. Use list_recipes to get the current recipe ID.

Still stuck? Check the Security Events page in the Admin Console for detailed proxy error logs, or open a support ticket at quantaseal.io/support.

All Connectors API Reference