Integrate on-premises applications via Nintex Gateway
A developer or administrator role is required. For information, see User roles.
Nintex Gateway allows you to create Xtensions to integrate on-premises applications with Nintex Automation Cloud.
Nintex Gateway acts as middleware to authenticate the communication between Nintex Automation Cloud and your on-premises application, allowing you to connect your application without leaving ports vulnerable in your network. Nintex Gateway can perform authentication via Active Directory on your network, using basic username and password, or via Managed authentication using Nintex Gateway generated API keys.
To integrate an on-premises application with Nintex Automation Cloud, you need:
- Nintex Gateway installed and configured on your network, and connected to your Nintex Automation Cloud tenant.
- An on-premesis application with a RESTful API Representational State Transfer: a style of software architecture that separates state and functionality into distributed resources, with each resource uniquely addressable, typically using HTTP commands. RESTful applications are usually stateless and support caching. that can be described in an OpenAPI Specification file.
- An OpenAPI Specification file defining the operations A single request to a third-party API. Operations often become actions in the workflow designer. you want to perform on your on-premesis application.
- If your application provides an OpenAPI Specification for integrations, see Import a third-party specification for guidance on modifying a third-party OpenAPI Specifications for use as an Xtension.
- If you are creating the OpenAPI Specification yourself and you're not familiar with creating OpenAPI Specifications, see Build your first Xtension for some recommended tools, or follow our tutorial on building your first OpenAPI Specification.
See Installing Nintex Gateway.
Note: Xtensions supports OpenAPI Specification version 2.
For more information on Nintex Gateway, see Nintex Gateway.
Looking for an example? See Use Nintex Gateway to integrate with SAP Theobald using yunIO
Jump to:
Define the Nintex Gateway host
When an Xtension uses Nintex Gateway, the Nintex Gateway installation on your network receives the operation requests from Nintex Automation Cloud and passes them through to your on-premises application.
The URL for your Nintex Gateway installation is stored in your Nintex Automation Cloud tenant. The {{x-ntx-gateway-uri}} variable tells Nintex Automation Cloud to use that URL as your Xtension's host URL.
In the root level of your OpenAPI Specification, add the x-ntx-host property with a value of {{x-ntx-gateway-uri}}.
Note: Normally, variables used with specification extensions like x-ntx-host need to be listed as additional connection properties. In this case, the {{x-ntx-gateway-uri}} is a special variable Nintex Automation Cloud handles internally. You do not need to define it in your connection properties.
For more information on overriding host paths, see x-ntx-host.
{
"swagger": "2.0",
"info": {
"version": "1.0.0",
"title": "On-Premesis Xtension",
"description": "Connects with our on-premesis application",
},
"x-ntx-host": "{{x-ntx-gateway-uri}}",
"schemes": [
"https"
],
}
Replace the basePath
Nintex Gateway can integrate with multiple on-premises platforms such as SharePoint on-premises, Microsoft SQL Server on-premises, and Nintex RPA. To make sure requests from this Xtension are handled correctly by Nintex Gateway, replace the basePath with the/xtension/ value to flag these operations as an Xtension.
Note: The on-premises service URL, where your on-premises application expects to receive requests, is collected by your Xtension's connection properties when your workflow designers create a connection. See Add a connection property for the on-premises service URL, below.
In the root level of your OpenAPI Specification, change the value of the basePath property to /xtension/.
{
"swagger": "2.0",
"info": {
"version": "1.0.0",
"title": "On-Premesis Xtension",
"description": "Connects with our on-premesis application",
},
"x-ntx-host": "{{x-ntx-gateway-uri}}",
"basePath": "/xtension/",
"schemes": [
"https"
],
}
Add the validation operation
Nintex Gateway validates all new connections The stored authorization credentials for a connector. using a special validation endpoint The address of a specific resource provided by the third-party API.. If this operation is used then Nintex Gateway will check that it can reach (on a network level) the baseurl of the on-premises application. This validates the connection from Nintex Automation Cloud to Nintex Gateway and the network connection from Nintex Gateway to the baseurl.
The /x-ntx-validate endpoint allows you to define this validation operation without hard-coding your Nintex Gateway URLs in your OpenAPI Specification. This endpoint is converted to the full validation URL when validating the connection.
In the paths object:
- Add a new operation A single request to a third-party API. Operations often become actions in the workflow designer. of /x-ntx-validate.
- Add a GET HTTP method The HTTP action to perform on the endpoint, such as GET, POST, DELETE, PUT. In defined inside the operation's path object in the OpenAPI specification..
- Add an operationId of validateConnection.
- Add the property x-ntx-visibility with a value of internal.
- Add a response The return from a third-party API after a request has been made by the client. object of 200.
- Add a response object of default for all other response codes.
You can also define your own validation endpoint if you prefer.
The x-ntx-visibility property hides this operation within Nintex Automation Cloud so it doesn't clutter your Action toolbox.
For more information on defining operations, see our basic OpenAPI Specification tutorial: Define the operations.
"paths": {
"/x-ntx-validate": {
"get": {
"operationId": "validateConnection",
"x-ntx-visibility": "internal",
"responses": {
"200": {
"description": "OK"
},
"default": {
"description": "Operation Failed."
}
}
}
},
Add connection validation to the security definition
To ensure Nintex Automation Cloud validates your Nintex Gateway URL when creating a connection, add the validation URL to the security definition using the x-ntx-connection-validation specification extension.
In the securityDefinition object:
- Create an object for basic authentication Identifying the API requestor using a username and password passed in the HTTP header., if one doesn't already exist.
- Inside the basic security definition, add the x-ntx-connection-validation property.
- Inside the x-ntx-connection-validation property, add the property operationId with a value of validateConnection.
See Add basic authentication for help with creating basic authentication security definitions.
This tells Nintex Automation Cloud to use the validation operation we defined earlier. You can also define your own validation operations the same way.
For more information on validation operations, see x-ntx-connection-validation.
"securityDefinitions": {
"basic": {
"type": "basic",
"x-ntx-connection-validation": {
"operationId": "validateConnection"
}
}
}
Add connection properties to the security definition
When creating a connection to your Xtension, workflow designers need to:
- Select which Nintex Gateway integration to use in your Nintex Automation Cloud tenant.
- Specify the service URL of the on-premises application they're integrating with.
- Authenticate to your network via Nintex Gateway.
- Authenticate to your on-premises application.
This information is collected by additional fields that are displayed on the Add connection screen. These fields are defined in your OpenAPI Specification using the x-ntx-connection-properties specification extension.
To add connection properties to the security definition:
- Inside the basic security definition, add the x-ntx-connection-properties object.
- Inside the x-ntx-connection-properties object:
- Add a type property with a value of object.
- Add a properties object.
We will add the connection properties to this properties object in the next steps.
For more information on defining custom connection properties, see x-ntx-connection-properties.
"securityDefinitions": {
"basic": {
"type": "basic",
"x-ntx-connection-validation": {
"operationId": "validateConnection"
},
"x-ntx-connection-properties": {
"type": "object",
"properties": {}
}
}
}
Add a connection property for Nintex Gateway integration
Your Nintex Automation Cloud tenant may have more than one Nintex Gateway integration. Add the x-ntx-gateway-id connection property so your workflow designers can select from a drop-down list of existing Nintex Gateway integrations when they create their connections.
Inside the properties object of x-ntx-connection-properties:
- Add an x-ntx-gateway-id object.
- Inside the x-ntx-gateway-id object:
- Add a type property with the value of string.
- Add a title property with the value Select Nintex Gateway.
"x-ntx-connection-properties": {
"type": "object",
"properties": {
"x-ntx-gateway-id": {
"type": "string",
"title": "Select Nintex Gateway"
}
}
}
Add a connection property for the on-premises service URL
The service URL is the base URL where your on-premises application expects to receive requests from integrating services. It is combined with the operation paths defined in the path object to create the complete endpoints.
Add the x-ntx-gateway-xtension-baseurl property to store the service URL:
Inside the properties object of x-ntx-connection-properties:
- Add an x-ntx-gateway-xtension-baseurl object.
- Inside the x-ntx-gateway-xtension-baseurl object:
- Add a type property with the value of string.
- Add a title property with the value On-premises service URL.
- Add a description property with the value Base URL of the on-premises service, including HTTPS://.
- Add a pattern property with the value of ^(https?:\/\/[^\/?#]+)(?:[\/]|\/.+|)$.
The pattern property ensures your workflow designers see an error if they type a malformed URL, such as forgetting the HTTPS://. It does not check if the URL is the correct URL for your application. For more information on using the pattern property, see Validate with regex.
"x-ntx-connection-properties": {
"type": "object",
"properties": {
...
"x-ntx-gateway-xtension-baseurl": {
"type": "string",
"title": "On-premises service URL",
"description": "Base URL of the on-pmreises service, including HTTPS://.",
"pattern": "^(https?:\/\/[^\/?#]+)(?:[\/]|\/.+|)$"
}
}
}
Add connection properties for the on-premises authentication
Note: This topic shows using basic authentication against the on-premises application.
Add username and password connection properties to collect the username and password that will be supplied to the on-premises application when making requests.
Inside the properties object of x-ntx-connection-properties:
- Add a username object.
- Inside the username object:
- Add a type property with the value of string.
- Add a title property with the value On-premises username.
The title is the label shown for this field when creating the connection. You can change the value to something more specific if needed.
- Add a password object.
- Inside the password object:
- Add a type property with the value of string.
- Add a title property with the value On-premises password.
- Add a format property with the value password.
"x-ntx-connection-properties": {
"type": "object",
"properties": {
...
"username": {
"type": "string",
"title": "On-premises application username"
},
"password": {
"type": "string",
"title": "On-premises application password"
}
}
}
Add connection properties for Nintex Gateway authentication
Nintex Gateway ensures that all requests must authenticate to your network before they are allowed to proceed. You can authenticate either via Active Directory, or by API keys generated by Nintex Gateway.
When receiving a request, Nintex Gateway will first check if an API key has been provided. If the connection does not have an API key, it will attempt to authenticate with Active Directory credentials.
The connection properties depend on which Nintex Gateway authentication method you're using:
- Active Directory with username and password, where your workflow designers will use their Active Directory credentials to create the connection.
- Managed authentication with an API key, where your workflow designers will provide an API key that has been generated by your Nintex Gateway installation.
Active Directory with username and password
If your network supports authentication via Active Directory, your workflow designers can provide their Active Directory username and password when creating connections for this Xtension.
Inside the properties object of x-ntx-connection-properties:
- Add an x-ntx-gateway-username object.
- Inside the x-ntx-gateway-username object:
- Add a type property with the value of string.
- Add a title property with the value Active Directory username.
The title is the label shown for this field when creating the connection. You can change the value to something that suits your organization's terms.
- Add an x-ntx-gateway-password object.
- Inside the x-ntx-gateway-password object:
- Add a type property with the value of string.
- Add a title property with the value Active Directory password.
- Add a format property with the value password.
"x-ntx-connection-properties": {
"type": "object",
"properties": {
...
"x-ntx-gateway-username": {
"type": "string",
"title": "Active Directory username"
},
"x-ntx-gateway-password": {
"type": "string",
"title": "Active Directory password",
"format": "password"
}
}
}
Managed authentication with an API key
If your network does not use Active Directory, you can generate an API key within Nintex Gateway to secure your requests.
Inside the properties object of x-ntx-connection-properties:
- Add an x-ntx-gateway-apikey object.
- Inside the x-ntx-gateway-apikey object:
- Add a type property with the value of string.
- Add a title property with the value Nintex Gateway API key.
For more information on using Nintex Gateway API keys, see Nintex Gateway API keys.
"x-ntx-connection-properties": {
"type": "object",
"properties": {
...
"x-ntx-gateway-apikey": {
"type": "string",
"title": "Nintex Gateway API key"
}
}
}
Add the list of required connection properties
Connection properties added with x-ntx-connection-properties are optional by default, meaning the workflow designer can leave them blank and still successfully create the connection.
For Nintex Gateway, all the connection properties we've defined are necessary, so we need to designate them as required. The workflow designer will not be able to create a connection unless they complete all the additional information.
Inside the properties object of x-ntx-connection-properties:
- Add a required property.
- For the value of the required property, add an array of the property names of each connection property you created.
The example shows the required array for an Xtension using Active Directory authentication.
"securityDefinitions": {
"basic": {
"type": "basic",
"x-ntx-connection-validation": {
"operationId": "validateConnection"
},
"x-ntx-connection-properties": {
"type": "object",
"required": [
"x-ntx-gateway-username",
"x-ntx-gateway-password",
"x-ntx-gateway-id",
"x-ntx-gateway-xtension-baseurl",
"username",
"password"
],
"properties": { ... }
Complete security definition sample
The following is a sample security definition using Active Directory authentication.
"securityDefinitions": {
"basic": {
"type": "basic",
"x-ntx-connection-validation": {
"operationId": "validateConnection"
},
"x-ntx-connection-properties": {
"type": "object",
"required": [
"x-ntx-gateway-username",
"x-ntx-gateway-password",
"x-ntx-gateway-id",
"x-ntx-gateway-xtension-baseurl",
"username",
"password"
],
"properties": {
"x-ntx-gateway-id": {
"type": "string",
"title": "Select Nintex Gateway"
},
"x-ntx-gateway-xtension-baseurl": {
"type": "string",
"title": "On-premises service URL",
"description": "Base URL of the web service.",
"pattern": "^(https?:\/\/[^\/?#]+)(?:[\/]|\/.+|)$"
},
"username": {
"type": "string",
"title": "On-premises application username"
},
"password": {
"type": "string",
"title": "On-premises application password"
},
"x-ntx-gateway-username": {
"type": "string",
"title": "Network username"
},
"x-ntx-gateway-password": {
"type": "string",
"title": "Network password",
"format": "password"
}
}
}
}
}
The following is a sample security definition using managed authentication using a Nintex Gateway API key.
"securityDefinitions": {
"basic": {
"type": "basic",
"x-ntx-connection-validation": {
"operationId": "validateConnection"
},
"x-ntx-connection-properties": {
"type": "object",
"required": [
"x-ntx-gateway-id",
"x-ntx-gateway-apikey",
"x-ntx-gateway-xtension-baseurl",
"username",
"password"
],
"properties": {
"x-ntx-gateway-id": {
"type": "string",
"title": "Select Nintex Gateway"
},
"x-ntx-gateway-apikey": {
"type": "string",
"title": "Nintex Gateway API key"
},
"x-ntx-gateway-xtension-baseurl": {
"type": "string",
"title": "On-premises service URL",
"description": "Base URL of the web service.",
"pattern": "^(https?:\/\/[^\/?#]+)(?:[\/]|\/.+|)$"
},
"username": {
"type": "string",
"title": "On-premises application username"
},
"password": {
"type": "string",
"title": "On-premises application password"
}
}
}
}
}
Recommended: Add complex object support
Add complex object support to your OpenAPI Specification using x-ntx-render-version: 2.
In the root level of your OpenAPI Specification, add the x-ntx-render-version property with a value of 2.
For more information on complex object support, see Send arrays or complex objects
"securityDefinitions": {
"basic": {
...
}
},
"x-ntx-render-version": 2,