POST Workflow/Ticket/Create

Initiates a ticket to proceed through a existing workflow and acts on a Policy tree object. For example, this API call can initiate a renewal for a certificate that is already in the Policy tree. Workflow/Ticket/Create automatically assigns approver permissions as necessary so the ticket can proceed through the workflow.

If ticket creation is for certificate renewal, the certificate status changes to Pending workflow resolution. To change the status, an authorized identity can approve or reject the certificate in the following ways:

TIP  To track the progress of the workflow ticket, use the GUID from the return value of other Workflow API calls.


  • Token scope:  Configuration:Manage


  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.


Input parameters




The Distinguished Name (DN) of the object that will be managed by a workflow.


A single identity or an array of identities who can approve or reject certificate renewals.

To get the Prefixed Universal Id, call POST Identity/Browse. Specify each PrefixedUniversal in one of the following formats:

For example:

  • For an identity Name, either specify a corresponding Prefix OR use PrefixedName instead.
  • For an authentication provider Prefix, either specify a corresponding Universal OR use PrefixedUniversal instead.


(Optional) The user-defined reason code that is present in the Workflow tree.


(Optional) Arbitrary text to attach to the ticket.

When workflow tickets are created by Trust Protection Platform, this is a comma separated list of identities expressed as prefixed universals. This data can be used when enumerating tickets.


The DN location of the workflow that will manage the ObjectDN. Specify the location of the workflow in the Policy tree.


Response description



HTTP 200

For valid requests, this call returns a HTTP 200 message and the following data in the message body:

  • GUID: A string that uniquely identifies the workflow ticket.

  • Result: Integer result code indicating success (1) or failure. For more information, see Workflow result codes.

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • error: The reason for the error.
  • error_description: If available, additional information about how to retry the request.

Example: Create a workflow ticket


POST https://tpp.venafi.example/vedsdk/Workflow/Ticket/Create
Authorization:Bearer 4MyGeneratedBearerTknz==


HTTP/1.1 200 OK