Here we'll teach you how to create and monitor Actions workflows. For an overview of the SendSafely Actions framework, refer to this article.
Creating a Workflow
When you create a new workflow, you must specify the type of event that triggers it. Every workflow can only be triggered by a single EVENT_TYPE. We currently support two EVENT_TYPEs:
- Upload a file to a Workspace (UPLOAD_WORKSPACE_FILE)
- Finalize a Transfer or Dropzone package (FINALIZE_PACKAGE)
In order to create a new workflow, submit a POST request to the Add Workflow endpoint. An example JSON request body for this endpoint is shown below.
{"workflowEventType":"UPLOAD_WORKSPACE_FILE"}
For enterprise workflows, use the Add Enterprise Workflow endpoint.
In addition to EVENT_TYPE, every workflow has the following properties. Unless otherwise noted, each of these properties can be updated using the Update Workflow endpoint.
- Status. Every workflow is created with the workflowStatus "INACTIVE." Workflows in this state won't trigger until they are updated to "ACTIVE" status. If you delete a workflow, the status is changed to "DELETED" and can't be reverted to "ACTIVE" or "INACTIVE."
- Identity. Personal workflows always execute under the identity of the user who created and owns the workflow. The workflowIdentityUserId is the SendSafely UserID that the workflow will execute as. For enterprise workflows, the identity can be changed so that the workflow can execute as any active admin user within your SendSafely portal. By default, the admin who creates an enterprise workflow is assigned as the identity, but this can be changed after the workflow is created.
- Priority. Workflows are executed sequentially, in order of designated workflowPriority. Within the list of enterprise workflows, each workflow is assigned a numerical priority, starting from 1. Each user’s list of personal workflows also includes a numerical priority. If an event triggers multiple workflows, they are executed in order of relative priority. All matching enterprise workflows run first, followed by any matching user workflows.
- Name. Each workflow can be assigned a workflowName to describe its nature and purpose. Within the list of Enterprise Workflows, every workflow must have a unique name. Within each user’s list of workflows, every workflow must have a unique name.
- Notification Email. The workflowNotificationEmail property indicates the email address to be notified if the workflow triggers a notification. By default, the notification email is set to the user who creates the workflow, but this can be changed after the workflow is created.
- isOrgScope Flag. A Boolean value indicating whether the workflow is an enterprise workflow (TRUE) or personal workflow (FALSE). workflowIsOrgScope cannot be changed once the workflow has been created.
- Organization ID. The workflowOrgId is the unique Organization ID associated with your SendSafely portal. This value cannot be changed.
In order to UPDATE a workflow, submit a PUT request to the Update Workflow endpoint. An example JSON request body for this endpoint is shown below.
{"workflowEventType":"UPLOAD_WORKSPACE_FILE",
"workflowStatus":"ACTIVE",
"workflowPriority":"1",
"workflowName":"MyWorkflow",
"workflowNotificationEmail":"user@example.com"}
Event Properties
When the event occurs, a list of event properties is generated that includes metadata about the event. These properties can be used to create event filters, which can be used to define conditions under which a workflow should run. The event properties for each EVENT_TYPE are outlined below:
UPLOAD_WORKSPACE_FILE
- authenticatedUser: The email address of the user who uploaded the file
- organizationId: The unique Organization ID associated with the SendSafely portal
- packageId: The unique Package ID of the Workspace
- ipAddress: The IP address of the device that the file was uploaded from
- dateTime: The date and time that the file was uploaded, in ISO UTC format
- fileId: The unique SendSafely File ID assigned to the file
- fileName: The name of the file
- directoryId: The unique SendSafely Directory ID that the file was uploaded to
- directoryPath: The path within the workspace of the directory that the file was uploaded to
- packageOwner: The email address of the user who owns the Workspace
- isGuest: A Boolean flag indicating whether the authenticated user is a guest (unregistered) or a Registered User
FINALIZE_PACKAGE
- authenticatedUser: The email address of the user who finalized the package. For unauthenticated Dropzone uploads, this property will show “Unverified Sender” (the email address of the uploader will be shown in the uploader property).
- organizationId: The unique Organization ID associated with the SendSafely portal
- packageId: The unique Package ID of the Package
- packageType: The type of package that was finalized (either "TRANSFER" or "DROPZONE").
- uploader: The email address of the person who uploaded the file. For unauthenticated Dropzone uploads where an email address was provided, the word “Unverified” will be listed in parenthesis next to the email address.
- recipientEmails: The array of recipients associated with the package
- ipAddress: The IP address of the device that the package was finalized from
- dateTime: The date and time that the package was finalized, in ISO UTC format
- keylessPackageLink: The link used to access the package (without a keycode parameter)
- packageOwner: The email address of the package owner
- isGuest: A Boolean flag indicating whether the authenticated user is a guest (unregistered) or a Registered User
Event Filters
Event Filters allow you to execute a workflow only when events match certain criteria. Event filters are based on a subset of the properties associated with the event that triggers the workflow. The following event filters are supported for each EVENT_TYPE:
UPLOAD_WORKSPACE_FILE
| FILTER_TYPE | Description | Supported Operators | Format/Validation |
| PACKAGE_ID | The unique SendSafely Package ID associated with the Workspace. |
EQUALS NOT_EQUALS |
NNNN-NNNN |
| IS_USER_GUEST | Boolean value indicating whether the user is a registered SendSafely user or not. |
EQUALS NOT_EQUALS |
TRUE or FALSE |
| PACKAGE_OWNER | Package Owner |
EQUALS NOT_EQUALS |
xxx@xxx.x or UUID |
| AUTHENTICATED_USER | The email address of the authenticated user that is uploading the file. |
EQUALS NOT_EQUALS |
xxx@xxx.x |
FINALIZE_PACKAGE
| FILTER_TYPE | Description | Supported Operators | Format/Validation |
| IS_USER_GUEST | Boolean value indicating whether the user is a registered SendSafely user or not. |
EQUALS NOT_EQUALS |
TRUE or FALSE |
| PACKAGE_TYPE | The type of package (TRANSFER or DROPZONE) |
EQUALS NOT_EQUALS |
TRANSFER or DROPZONE |
| PACKAGE_OWNER | Package Owner |
EQUALS NOT_EQUALS |
xxx@xxx.x or UUID |
| AUTHENTICATED_USER | The email address of the authenticated user that finalized the package. |
EQUALS NOT_EQUALS |
xxx@xxx.x or “Unverified Sender” |
In order to add an event filter to a workflow, issue a POST request to the Add Workflow Filter. An example JSON request body for this endpoint is shown below.
{"filterType":"PACKAGE_USER",
"filterOperator":"EQUALS",
"filterValue":"user@example.com"}
Default Filters
For Personal Workflows, a default filter is automatically applied that restricts the workflow to only trigger on events related to packages that the user owns. This default filter cannot be edited or removed. The following default filters are applied to each personal workflow based on the EVENT_TYPE:
- UPLOAD_WORKSPACE_FILE:
- PACKAGE_OWNER EQUALS {UserId of Workflow Owner}
- FINALIZE_PACKAGE
- PACKAGE_OWNER EQUALS {UserId of Workflow Owner}
Workflow Actions
Every workflow must have one or more actions, steps carried out by the workflow based on the event that triggered its execution. Actions are executed sequentially based on the actionOrder that the action is assigned, starting with 1.
After an action executes, it returns a result of either TRUE, FALSE, or ERROR to indicate its outcome. If an action returns ERROR, all subsequent steps in the workflow are halted and a notification is generated that includes details of the step that returned the error.
The available actions for each EVENT_TYPE are as follows:
UPLOAD_WORKSPACE_FILE
| Action Type | Description | Result when True | Result when False |
| BLOCK_FILE | Sets the fileState to BLOCKED on the file that triggered the event. Blocked files cannot be viewed or downloaded. | Block was applied | N/A |
| UNBLOCK_FILE | Sets the file state to NULL on the file that triggered the event. | Block was released | N/A |
| HOLD_FILE | Sets the fileState to HOLD on the file that triggered the event. Held files cannot be deleted but can be viewed and downloaded. | Hold was applied | N/A |
| RELEASE_FILE | Sets the file state to NULL on the file that triggered the event. | Hold was released | N/A |
| DELETE_FILE | Deletes the file that triggered the event. | File was deleted | N/A |
FINALIZE_PACKAGE
| Action Type | Description | Result when True | Result when False |
| BLOCK_PACKAGE | Sets the fileState to BLOCKED on all files in the package that triggered the event. Blocked files cannot be viewed or downloaded. | Block was applied | N/A |
| UNBLOCK_PACKAGE | Sets the file state to NULL on all files in the package that triggered the event. | Block was released | N/A |
| HOLD_PACKAGE | Sets the fileState to HOLD on all files in the package that triggered the event. Held files cannot be deleted but can be viewed and downloaded. | Hold was applied | N/A |
| RELEASE_PACKAGE | Sets the file state to NULL on all files in the package that triggered the event. | Hold was released | N/A |
| DELETE_PACKAGE | Deletes the package that triggered the event. | Package was deleted | N/A |
External Webhook Actions
The INVOKE_WEBHOOK action is available for any event. INVOKE_WEBHOOK can be used to trigger an external webhook that can perform custom actions. Because INVOKE_WEBHOOK actions are external to SendSafely, they must return a response within 15 minutes. If a response is not received within 15 minutes, a TIMEOUT result is recorded and the workflow is halted. External webhook actions can also return true/false results based on the specific task they perform. The webhook itself must provide guidance (in its own documentation) for how to interpret true/false responses.
Action Notifications
When adding an action to a workflow, you can assign a notification preference for the action. A notification email that includes details on the result of the action/step is sent to the workflowNotificationEmail. By default, notifications are generated when an action results in an ERROR or TIMEOUT. You can change this behavior by configuring one of the following notification preferences:
- DEFAULT: Notify when the action/step results in an ERROR or TIMEOUT
- ON_TRUE: Notify when the action/step results in TRUE, ERROR, or TIMEOUT
- ON_FALSE: Notify when the action/step results in FALSE, ERROR, or TIMEOUT
- ON_SKIP: Notify when the action/step is SKIPPED due to a filter, or results in ERROR or TIMEOUT
- ALWAYS: Always notify when the action/step runs
In order to add an action to a workflow, issue a POST request to the Add Action endpoint. An example JSON request body for this endpoint is shown below.
{"actionType":"BLOCK_PACKAGE",
"actionNotify": "DEFAULT"}
When adding the “INVOKE_WEBHOOK” actionType, you must specify an additional “actionInput” value with the URL for the webhook endpoint. An example JSON request body for this option is shown below.
{"actionType":"INVOKE_WEBHOOK",
"actionInput":"https://k927jhd0s.lambda-url.us-east-1.on.aws/",
"actionNotify":"DEFAULT"}
Action Filters
Action Filters allow you to execute a specific step/action only if certain criteria are met. Action filters can be based on the results of a previous step in the workflow or on the event properties that triggered the workflow (the same properties and operators available when setting an Event Filter). Unless ALL criteria specified in an action’s Action Filters are met, the action will be SKIPPED (not executed) and the workflow will proceed to the next step.
Refer to the Event Filters above for the list of filters supported for each EVENT_TYPE. The additional filter types available when setting an Action Filter (available for all event types) are as follows:
| FILTER_TYPE | Description | Supported Operators | Format/Validation |
| ACTION_RESULT_TRUE | References a specific step/action that must return TRUE | EQUALS | Action ID of a previous step in the same workflow |
| ACTION_RESULT_FALSE | References a specific step/action that must return FALSE | EQUALS | Action ID of a previous step in the same workflow |
| ACTION_RESULT_SKIPPED | References a specific step/action that was SKIPPED due to a filter | EQUALS |
Action ID of a previous step in the same workflow
|
In order to add an action filter to a workflow, issue a POST request to the Add Action Filter endpoint. An example JSON request body for this endpoint is shown below.
{"filterType":"ACTION_RESULT_TRUE",
"filterValue":"e8d462f3-0235-4908-a003-08debe478204",
"filterOperator":"EQUALS"}
Monitoring Workflow Executions
Once a workflow is active, you can monitor invocations of the workflow by viewing the Workflow Execution Logs, which are generated every time a workflow runs. Execution logs include details of the Workflow that ran along with information about the triggering event and each action/step within the workflow. The following details are included in every execution log entry:
- workflowId - The Workflow ID that was executed
- workflowName - The name assigned to the workflow when it ran
- runnerId - Unique ID of the back-end process responsible for executing the workflow. For any given workflow, the runnerId will be unique for every execution.
- createTimestamp - Timestamp from when the workflow was queued for execution, in ISO UTC format
- startTimestamp - Timestamp from when the workflow execution began, in ISO UTC format. The time in between the create and start timestamp can be larger for workflows that run after other workflows which might have been triggered by the same event (such as a higher-priority workflow, or an enterprise workflow that precedes a user workflow)
- endTimestamp - Timestamp from when the workflow execution ended, in ISO UTC format
-
state - The current state of the workflow execution. Can be one of the following:
- PENDING: Queued for execution, but not yet started (typically waiting on a higher-priority workflow to complete)
- RUNNING: Execution in progress
- COMPLETE: Execution completed successfully (no error or timeout responses)
- ERROR: Execution was aborted due to an error in one of the steps/actions
- TIMEOUT: Execution was aborted because an external webhook did not resume within 15 minutes
-
eventTarget - The ID of the object that triggered the workflow, which varies based on the EVENT_TYPE that triggered the workflow:
- UPLOAD_WORKSPACE_FILE - The File ID of the uploaded file
- FINALIZE_PACKAGE: The Package ID that was finalized
- workflowIdentity - The SendSafely UserId of the identity configured for the workflow
- orgScope - Boolean value indicating whether the Workflow is an Enterprise Workflow (true) or Personal Workflow (false)
- organizationId - The unique Organization ID associated with the SendSafely portal
- eventPayload - JSON payload that includes the Event Properties associated with the triggering event
-
executionResults - JSON array with detailed status/output from each step/action of the workflow. Each entry includes:
- step: The step number, starting from 1
- actionId: The unique Action ID of the workflow step
- actionType: The Action Type (BLOCK_FILE, UNBLOCK_FILE, etc)
- start: Execution start time for this step, in ISO UTC format)
- end: Execution end time for this step, in ISO UTC format
- result: The result returned by the action: TRUE, FALSE, ERROR, TIMEOUT or SKIPPED
- message: The result message returned by the action (informational only)
- notify: The notification preference for the step/action (DEFAULT, ON_TRUE, ON_FALSE, ON_SKIPPED or ALWAYS)
In order to view the execution logs related to your workflows, issue a GET request to the Execution Logs endpoint.
Comments
0 comments
Please sign in to leave a comment.