Allow service accounts to initiate Relay workflows via the Box API
Allow service accounts to own and initiate Relay workflows via requests to the Box API
Garrett Flora commented
We have a use case at the University of Arizona that requires the Workflow API to:
1. Allow a service account to create a workflow and/or allow a user to create and share a workflow with a service account.
2. Allow a service account to start any workflow that it owns, or co-owns.

The API currently allows a service account to access the 'Starts workflow based on request body' (https://developer.box.com/reference/post-workflows-id-start/) endpoint, but doesn't allow a service account to own, or co-own, a workflow, which prevents the service account from utilizing said endpoint. Using the as-user header and/or user access token provides too broad of a level of access for a service account, representing a security hole, as it can kick off workflows owned by anybody in our enterprise.