Web Service Function

Configure a function to send web service calls within the Invoke a Web Service journey step or any expression-based field. For example, you can create an external connection that sends backend API calls to a legacy IDP system you have. This allows distributed identity flows, as well as in-flow migrations for existing users.

To add a new external connection, in the Admin Portal navigate to Orchestration > External Connections, select +Add, then under the API category pick Web Service Function. Complete its configuration as described below.

To verify your web service function is configured correctly, test the connection after creation. When the test is run, a new page opens up with either a test success or fail message, and a JSON object containing the response data.


Field Description
Function Arguments List of the parameters that can be passed to the web service when calling the function. Select +Add to add parameters, for each parameter specify the argument name and type description (string, array, boolean, etc.), and optionally provide a description. The values for these arguments are determined upon function triggering.


Field Description
- Request URI * Fully scoped URI that will be sent to the external system's endpoint which FlexID is accessing on behalf of the user. This field is an interpolated string that can include URL parameters using the ${…} format. For example, http://example.com?user=${event.user_id}.
- HTTP Request Method * HTTP request method, where options are: POST, GET, PATCH, PUT, or DELETE.
- Request Body * (If HTTP Request Method is set to POST, PATCH, or PUT) The body of HTTP request. This field is an interpolated string.
- HTTP Request Headers List of HTTP request headers, specified as name-value pairs. Click + Add to add headers.
- Authentication Type * Authentication method, where options are:
- None
- Basic
- Bearer
- OAuth 2 Client Credentials Grant
- OAuth 2 JWT Bearer
- OAuth 2 Password Grant
- AWS Signature v4
- Digest
Each type requires specific configuration. For example, for Bearer provide credentials containing the client secret that will be passed in the authorization header. Select previously created credentials, or click Add Credentials.
SSL Identities:
- Client Certificate Local Identity A client certificate (also known as local SSL identity, mutual SSL certificate, or client-side certificate), which you present to outside entities. The holder of a client-side certificate is authorized to access IDO. Select previously created key, or click Add Key.
- Trusted Identities Also known as server-side certificate, represents outside server identities, which they present to IDO. Select previously created certificate, or click Add Certificate. You may need to add multiple Trusted Identities to access multiple servers.
HTTP connection settings:
- Follow Redirect If checked, a subsequent request will be issued to a new location specified in the redirection response. For example, a session can be redirected for load balancing or to process a form. If unchecked, HTTP 301/302 status will be returned as the response for the original request and the next step will be initiated.
- Request Timeout Time (in seconds or milliseconds) to wait after sending a request, before failing it with a timeout error.
- Request Timeout Unit * Request timeout unit (seconds or milliseconds).
- Connection Timeout Time (in seconds or milliseconds) to wait after initiating a connection to a server (URI), before failing it.
- Connection Timeout Unit * Connection timeout unit (seconds or milliseconds).
- Log Outgoing Request *
- Log Successful Response *
- Log Failed Response *
Classify the severity of the communication event according to these log levels:
- Disable—No logging for this event (default).
- Debug—Event logged as "DEBUG" for providing event detail information.
- Info—Event logged as "INFO" for providing event summary information.
- Warning—Event logged as "WARNING" indicating that it may require action or attention.
- Error—Event logged as "ERROR" which is the highest severity level.


Field Description
Web service response Response behavior of the web service function. Options: Wait and process web service response and Immediately return an empty response and continue processing the request in the background.
Return failure if response is invalid Select this to return a "failed" response when the raw response is considered invalid (e.g., HTTP response status code is less than 200 or greater than 300).
Response Format * Format of the response. Options: None, String, JSON Array, JSON Object, XML. Depending on the format selected, you might need to provide a schema. Providing a JSON schema will allow the journey editor to perform auto completion on the output from web requests.
Apply transformation on response received from the web service For any response format, you can apply a transformation to the received response and specify the schema. Configuring a transformation will add a transformed_data object to the response object. For the "None" response formats, even though the response does not have a body, you can still transform the HTTP headers and the external information.