How to set refID for HTTP Action in Workflow via API?

RadhikaM · May 6, 2026, 4:55am

Hi Team,

I created a workflow in Identity Security Cloud using an external trigger. The workflow contains an HTTP Action where the Authentication Type is set to OAuth 2.0 - Client Credentials Grant.

My flow is:

Create the workflow via API.
Patch a newly created parameter.
Send a PATCH request to enable the workflow.
Run the workflow via API.

However, when I try to execute the workflow via API, I get an error saying that refId is missing.

I noticed that if I disable and enable the workflow once from the ISC UI, the refId is automatically generated, and the next execution works successfully.

My requirement is to perform everything via API only. I do not want to use the UI at any point.

VIA API:

“error”: “failed to retrieve Parameters for authentication type ‘oauth’: unexpected Parameter configuration”,

                    "method": "post",
                    "param_authenticationRef": "oauth",
                    "param_oauth": {
                        "mapping": {
                            "auth_client_id": "clientId",
                            "auth_client_secret": "clientSecret",
                            "auth_credential_location": "credentialLocation",
                            "auth_token_url": "tokenURL"
                        },
                        "paramID": "5d651594-941a-4349-9208-99d32b49b06a",
                        "paramType": "1.4"
                    },

After enabling via UI

                    "method": "post",
                    "param_authenticationRef": "oauth",
                    "param_oauth": {
                        "mapping": {
                            "auth_client_id": "clientId",
                            "auth_client_secret": "clientSecret",
                            "auth_credential_location": "credentialLocation",
                            "auth_token_url": "tokenURL"
                        },
                        "paramID": "5d651594-941a-4349-9208-99d32b49b06a",
                        "paramType": "1.4",
                        "refID": "d2f3f836-9e06-4a77-a207-de4c01368dd1"
                    },

Could someone please help me understand:

How can I generate or set the refId for the HTTP Action via API?
Is there a specific API endpoint or payload field required for this?
Is this expected behavior, or a limitation/bug in the workflow API?

Thanks in advance.

punna0001 · May 6, 2026, 5:53am

Hello Radhika,
I looked into the Parameter Storage docs & the workflow API and I think I found what’s happening here.

refID and paramID are actually two different things. Your own payload confirms it since both are different UUIDs. paramID is the Parameter Storage parameter ID. refID is a separate reference record that ISC creates to track that a specific parameter is linked to a specific workflow. The Parameter Storage docs describe references as an indirect mapping between a parameter and its usage, for example inside a workflow.

From what I can see in the Parameter Storage API, the public surface only exposes GET /parameter-storage/parameters/{id}/references to read references. There is no documented POST to create one. It looks like ISC generates the reference record internally when you activate a workflow through the UI, and the public workflow API does not trigger that same step. That would explain why the disable/enable toggle fixes it for you.

To address your questions:

There does not appear to be a public endpoint to generate or set a refID via API right now
Setting refID to paramID or generating a random UUID will not work since it needs to be a real reference record created by ISC
This looks more like a gap in the Parameter Storage/Workflow API contract than a bug or payload issue

Workaround that might work for now:

Create the workflow via API as you are doing
Enable it once from the UI to let ISC generate the refID
GET /v2026/workflows/{id} to capture it
Confirm with GET /v2026/parameter-storage/parameters/{paramID}/references
Use that refID as your template going forward

refID appears to be per workflow, not per parameter. So if you are creating multiple workflows using the same OAuth parameter, each one would need its own UI enable step.

Might be worth opening a support ticket to confirm this behavior & submitting an idea for a POST /parameter-storage/references endpoint so this can be done fully via API.

RadhikaM · May 6, 2026, 6:13am

Thanks, but the goal was to automate the process completely.

punna0001 · May 6, 2026, 6:39am

Got it. Based on what’s available in the public API today, i think there is no way to complete this fully without touching the UI at least once per workflow. The reference creation step is internal and not exposed. The workaround I mentioned is the only path I am aware of right now, but it does require that one manual step. Not ideal if your goal is full automation.

Topic		Replies	Views
Using Workflow's HTTP Request Action to Work With IdentityNow APIs ISC Community Knowledge Base workflows , apis	19	5529	February 24, 2026
Workflows HTTP Request ISC Discussion and Questions workflows , apis , identity-security-cloud	3	38	June 9, 2026
Unable to make a call internally to IDN from workflow ISC Discussion and Questions workflows , identity-security-cloud	8	141	July 9, 2025
Enhancement: HTTP Request Action with Parameter Storage Credentials Product News workflows , new-enhancement , parameter-store	21	595	April 13, 2026
HTTP Action in Workflows ISC Discussion and Questions workflows , identity-security-cloud	6	1324	July 3, 2023

How to set refID for HTTP Action in Workflow via API?

Related topics