Configuring K2API Web Service to enable Mobile Connectivity

The K2API Web Service on the K2 application server allows mobile devices to connect to the K2 server. If you are using K2 Five, you can also install the services on a different server in your DMZ or extranet environment, by installing the K2 Workspace on a secondary server and exposing that server to the extranet.

The K2API Web Service is installed and configured during installation. It is installed on servers that run SmartForms as well as servers that run the K2 service. The K2API is hosted in Internet Information Services (IIS) and can be configured using the IIS Management Console. The standard installation of the K2API is sufficient for most use cases.

After one of the cumulative updates mentioned in the Nintex K2 migration to Microsoft Graph article is installed on your system, your K2 environment is automatically configured for K2 Workspace and the topics in this section must be ignored.

Use the following steps to ensure mobile device connectivity:

  • Install the K2API on your web server using the K2 installer.
  • During installation, configure the appropriate binding (protocol and port number) for the web server. The K2API  uses these bindings.
  • Open IIS Management and check that the correct application pool is set for the K2API web application.
  • Ensure that DNS entries resolve network traffic for the configured binding to the web server.
  • Ensure that the firewall is configured to allow access to the K2API web service
  • Verify that the REST endpoints are working by using the following test URLs, replacing server in the examples with your environment values:
    • https://server/k2api/fed/worklistitem
    • https://server/K2api/fed/category/Application%20Forms
To enable the mobile applications to connect to the K2API, you must expose the K2API endpoint on your extranet (unless your mobile devices connect through VPN). The K2 Workspace installation add a folder called 'k2api' to the root of the K2 website. This is the folder that must be exposed to the extranet unless you are going to require that mobile users connect to VPN before using the K2 Workspace (Mobile) app.
  • You can position the K2Api behind a load balancer if required
  • Ensure that the SSL certificate for the K2 API is valid according to Apple's requirements. If it is not, you will receive an "Invalid Certificate" error when the iOS application signs in. You can view the certificate information by entering your K2 server URL into any desktop browser. Take note of the required encryption level and expiration.