REST Service Call Task WorkItemHandler
The Enhanced REST Service Call Task WorkItemHandler enables secure, authenticated REST API calls from BPMN workflows. The library provides a solution for integrating external REST services into your workflows with enhanced security and configuration capabilities.
You do not need to add the library to your project, because it is already included in all BAMOE workflow Accelerators. For more information about the Accelerators, see Using Accelerators. The library is automatically configured and available for use in your workflows by org.kie.kogito:kogito-rest-workitem dependency included in BAMOE BOM. You can access the handler through BPMN Editor task palette without adding any additional dependencies.
To deploy the REST Service Call Task WorkItemHandler, you can use the standard BAMOE deployment process or no handler-specific deployment steps.
REST Service Call Task is a new custom BPMN task following Gen AI and AI Agent Tasks design patterns. The REST Service Call Task is configured in the BPMN Editor task palette and the configuration is available in the dedicated properties panel. For more information about the BPMN Editor, see Authoring Workflows with BPMN.
REST Service Call Task uses standard constructs such as ioSpecification, dataInput, and dataOutput. The task supports process variable interpolation syntax #{expression}, and provides real-time validation with development-time feedback. It also includes authoring-time testing capabilities and supports HTTP methods with dynamic headers and query parameters.
The REST Service Call Task is designed to be a single source of truth, with automatic BPMN model serialization and no need for .wid files.
Configuring REST WorkItemHandler
The REST WorkItemHandler supports multiple configuration approaches to accommodate different deployment scenarios, security requirements, and operational preferences. To configure, you can use one of the following methods:
-
REST endpoint URL,
-
HTTP Method,
-
Headers and query parameters,
-
One of the following token acquisition strategies:
-
propagateduses access token from current thread (user-initiated workflows) -
configureduses pre-configured token from application properties (system-triggered processes) -
nonewith no authentication for public APIs
-
-
Request payload,
-
Access tokens or OIDC security.
Configuration can be provided at the following layers:
-
BPMN Model Configuration (Design-time)
-
Application Properties Configuration (Deployment-time)
-
Environment Variables Configuration (Runtime)
BPMN Model Configuration (Design-time)
BPMN Model Configuration is embedded directly in the BPMN process definition through the REST Service Call Task properties panel. Values except test token are stored in the BPMN XML file. Test token is only for testing and not stored in the file. Values are visible to anyone with access to the process definition.
See the following example for reference:
Url: https://api.example.com/users
Method: GET
AccessTokenAcquisitionStrategy: none
Use the BPMN Model Configuration when public API endpoints are used and no security is required. Do not use this configuration for sensitive data or environment-specific URLs.
Application Properties Configuration (Deployment-time)
Application Properties Configuration is a configuration provided in application.properties. Values are read at application startup and can be different per environment. Supports property placeholders for environment variables. Requires application restart to take effect. This approach is recommended for environment-specific configuration.
See the following example for reference:
# Quarkus (application.properties)
# Access token for configured strategy
kogito.processes.user-lookup.FindUserRestCall.access_token=${USER_MGMT_TOKEN}
# Base URL for REST endpoints
api.base.url=https://api.staging.example.com
# Timeout configuration
kogito.rest.default.timeout=30000
# Debug logging
quarkus.log.category."org.kogito.workitem.rest".level=DEBUG
Environment Variables Configuration (Runtime)
Environment Variables Configuration is a configuration provided through operating system environment variables or container orchestration platforms. This approach is most secure for sensitive data like API keys and passwords. Requires application restart to take effect. This approach is recommended for environment-specific configuration.
See the following example for reference:
# Docker Compose
version: '3.8'
services:
bamoe-business-service:
environment:
- KOGITO_PROCESSES_USER_LOOKUP_FINDUSERRESTCALL_ACCESS_TOKEN=${USER_MGMT_TOKEN}
- API_BASE_URL=https://api.production.example.com
Token Configuration for REST Service Call Task WorkItemHandler
REST Service Call Task WorkItemHandler introduces the following configuration properties:
-
Access Token Configuration (Configured Strategy),
-
Debug Logging.
Access Token Configuration
This configuration specifies the access token to use when AccessTokenAcquisitionStrategy is set to configured. This property is required for system-triggered processes that cannot rely on user authentication context. It is a string property that can be set in the application properties file or as an environment variable.
Use the following property format:
kogito.processes.{processId}.{RestServiceCallTaskId}.access_token
See the following example for reference:
# Quarkus
kogito.processes.user-lookup.FindUserRestCall.access_token=${USER_MGMT_TOKEN}
You can also set the property using an environment variable:
KOGITO_PROCESSES_{PROCESSID}_{RESTSERVICECALLTASKID}_ACCESS_TOKEN
See the following example for reference:
export KOGITO_PROCESSES_USER_LOOKUP_FINDUSERRESTCALL_ACCESS_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Debug Logging
This configuration enables detailed logging for the REST WorkItemHandler, including request/response details, authentication flow, and error diagnostics. You can use it for debugging and monitoring REST calls in production environments. It is a string property that can be set in the application properties file or as an environment variable. The default value is INFO, and the supported log levels are TRACE, DEBUG, INFO, WARN, and ERROR. It is not required for system-triggered processes that cannot rely on user authentication context.
Use the following property format:
quarkus.log.category."org.kogito.workitem.rest".level
quarkus.log.category."org.kie.kogito.process.workitems".level
See the following example for reference:
# Quarkus
quarkus.log.category."org.kogito.workitem.rest".level=DEBUG
quarkus.log.category."org.kie.kogito.process.workitems".level=DEBUG
# Spring Boot (application.yml)
logging:
level:
org.kogito.workitem.rest: DEBUG
org.kie.kogito.process.workitems: DEBUG
Using REST Service Call Task WorkItemHandler
This section provides step-by-step guidance on how to effectively use the REST Service Call Task and configure the REST Service Call Task WorkItemHandler in your BAMOE project.
For Business Service Developers
Configure your BAMOE application to support REST WorkItemHandler:
-
Verify that
org.kie.kogito:kogito-rest-workitemdependency is included.The dependency is automatically included in BAMOE BOM and all workflow accelerators. No manual dependency addition is required. For more information, see
org.kie.kogito:kogito-rest-workitem. -
If you are using
configuredauthentication method, configure Access Tokens.Set up the following access tokens in your application properties:
kogito.processes.<processId>.<RestServiceCallTaskId>.access_token=${ACCESS_TOKEN}Add the following environment variable:
export ACCESS_TOKEN=<add generated token> -
Enable detailed logging to diagnose REST call issues:
quarkus.log.category."org.kogito.workitem.rest".level=DEBUG quarkus.log.category."org.kie.kogito.process.workitems".level=DEBUG -
Deploy your application using the standard BAMOE deployment processes.
For BPMN Workflow Authors
Follow these steps to integrate REST API calls into your workflows:
-
Add the Task to Your Workflow.
-
Open your workflow in BPMN Editor in BAMOE Canvas or Developer Tools for VS Code.
-
Locate REST Service Call Task in the task palette, drag it to the canvas and connect it to your workflow sequence flow.
-
-
Configure Basic REST Parameters. Set the following properties in the task properties panel:
Method: GET, POST, PUT, DELETE, or PATCH Url: https://api.example.com/users/#{userId} RequestTimeout: 60000 (milliseconds, optional)You can use process variable interpolation syntax
#{variableName}to make URLs dynamic. -
Select authentication strategy. Choose one of the following authentication methods based on your use case:
-
propagated- Use when the workflow is triggered by a user and you want to forward their authentication token to the REST API. -
configured- Use for system-triggered workflows that need a pre-configured service account token, requiresRestServiceCallTaskId. -
none- Use for public APIs that don’t require authentication.
-
-
Optional: Add headers and query parameters. Configure the following HTTP headers and query parameters as needed:
HEADER_Content-Type: application/json HEADER_Accept: application/json QUERY_page: 1 QUERY_limit: 50NotePrefix header names with HEADER_and query parameters withQUERY_. -
Configure Request Payload for POST, PUT, and PATCH.
-
Map a process variable to the
ContentDatainput parameter. -
The handler automatically serializes your data to JSON.
-
See Request Payload Configuration for more information.
-
-
Map the Response to Process Variables.
-
Configure the Result output mapping in the properties panel.
-
Access response data in subsequent tasks using
#{result.propertyName}.The response is automatically deserialized from JSON.
-
-
Test your configuration.
-
Use the built-in testing capability in the BPMN Editor.
-
Verify the REST call succeeds with test data.
-
Check response mapping works as expected.
-
Request Payload Configuration
Request payloads for POST, PUT, and PATCH operations are provided through the ContentData parameter. You can configure request payloads by using one of the following methods:
-
Direct process variable mapping.
-
Expression-based mapping.
-
Literal string value.
Direct Process Variable Mapping
To use the direct process variable mapping method, do the following steps:
-
Create process variable. See the following example for reference:
// In process initialization or previous task Map<String, Object> employeeData = new HashMap<>(); employeeData.put("firstName", "John"); employeeData.put("lastName", "Doe"); employeeData.put("email", "john.doe@example.com"); employeeData.put("department", "Engineering"); -
Map to ContentData in BPMN. See the following example for reference:
<bpmn2:dataInput id="ContentData" name="ContentData"/> <bpmn2:dataInputAssociation> <bpmn2:sourceRef>employeeData</bpmn2:sourceRef> <bpmn2:targetRef>ContentData</bpmn2:targetRef> </bpmn2:dataInputAssociation> -
Assign the
employeeDataprocess variable to the request body. The REST WorkItemHandler handles JSON serialization automatically when sending POST, PUT, or PATCH requests.
Expression-Based Mapping
To configure request payloads by using expression-based mapping, in BPMN Editor properties panel add the following property:
ContentData: #{employeeData}
Literal String Value
You can configure simple payloads by using literal string value method. In BPMN Editor properties panel add the following property:
ContentData: {"status":"active","priority":"high"}
|
Note
|
This method is not flexible and not recommended for dynamic data. |
Payload Validation Requirements
The REST WorkItemHandler enforces the following validation rules to ensure correct payload configuration:
HTTP Method Validation |
Rule |
|
Allowed Methods |
POST, PUT, PATCH |
|
Disallowed Methods |
GET, DELETE, HEAD, OPTIONS |
|
Validation Message |
ContentData parameter is not supported for GET requests. Use POST, PUT, or PATCH methods to send request payloads. |
|
Content-Type Header Validation |
Rule |
When |
Recommended Value |
|
|
Validation Message |
When sending structured data in ContentData, configure HEADER_Content-Type header (e.g., application/json). |
|
Payload Type Validation |
Rule |
|
Supported Types |
JSON objects, raw strings, process variable references |
|
Unsupported Types |
XML, multipart/form-data, file uploads |
|
Validation Message |
XML payloads are not supported. Use JSON format. |
|
Validation Message |
Multipart form data is not supported. |
|
Validation Message |
File uploads are not supported as ContentData. |
|
Semantic Consistency Validation |
Rule |
Payload configuration must be semantically consistent with HTTP method. |
Validation Message |
Request payload (ContentData) is configured but HTTP method is GET. Change method to POST, PUT, or PATCH, or remove ContentData. |
|
Example (incorrect usage) |
GET method with ContentData configured |