TAS call module - TAS 2 TAS (process creation via API)

Creating a case via API

The Start Process API endpoint lets you create a new case from an existing template, populate variables with input data, and start the workflow — all in a single call. The operation is atomic — the case is either created completely, or not at all.

Available in the apiExtensions plugin from versions 5.7.75 and 5.17

Endpoint

Method: POST

URL: /api/plugins/api-extensions/start-process

Authentication

Every call must include a Bearer token in the HTTP header:

Authorization: Bearer <accessToken>
Content-Type: application/json

The token can be generated on the application side in the API Tokens section.

Request body

{
"processId": 27, //ID of the header (headerId) of the process being started
"data": {
"processVariable1": "value1",
"processVariable2": "value2"
}
}

Field

Type

Description

processId

number

ID of the process header (template) the case is created from

data

object

Key–value pairs matching the template's variables

Supported value types in data

Type

Example

String

"value1"

Number

100

Date (YYYY-MM-DD)

"2025-01-01"

The field must exist on the given template. For enumerated values (LOV), you must use one of the existing values that the LOV variable contains on the template — otherwise an error occurs and the case is not created.

Example call

try {
const accessToken = 'xxxxxx';
const configStartNewProces = {
method: "post",
url: `/api/plugins/api-extensions/start-process`,
headers: {
"Authorization": `Bearer ${accessToken}`,
"Content-Type": "application/json"
},
data: JSON.stringify({
processId: 27, //ID of the header (headerId) of the process being started
data: {
"processVariable1": "value1",
"processVariable2": "value2"
}
})
};
const requestStartNewProces = axios.getAxios().requestRaw(configStartNewProces);
proc.warn(`requestStartNewProces Result`, { requestStartNewProces });
} catch (error) {
proc.warn(`requestStartNewProces error`, { error });
}

The code must not contain async/await — the transpiler adds them automatically. Using them manually causes a runtime error.

Recommendation for the administrator

  • We recommend adding the variable _isCaseCreatedByAPI with the value "true" to the data object. The template can then immediately recognize that the case was created via the API and react to it in conditions or routing.
  • All values from data are available already in the Start task — the workflow can work with them immediately (conditions, routing, decisions) without waiting for the next step.

Example: "_isCaseCreatedByAPI": "true" — add this variable to the template as a text field and the workflow can read it right from the start.

Behavior on error

If any error occurs (invalid input, non-existent processId, a problem starting the workflow):

  • the case is not created,
  • no data is saved,
  • no incomplete or "broken" processes remain in the system.

Uploading a document via API

This section describes how to upload a document from an external system into an existing case in TAS via the REST API. It assumes the case already exists and you know its iprocId.

Prerequisites

  • You know the base URL of the target TAS instance (e.g. https://your-instance.teamassistant.app). All API calls go to {baseUrl}/api.
  • You have a valid authentication token (Bearer). The recommended approach is a long-lived API token (Administration → API tokens, from version 5.17). On older versions, you obtain a token by logging in at /api/authenticate.
  • You know the iprocId of the case you want to upload the document to.
  • The user the token acts as has permissions for the given case.

Authentication

Every call must include the token in the HTTP header:

Authorization: Bearer <your_token>
We recommend using a dedicated integration account and an API token tied to that account. The token acts in the context of the given user and inherits its roles and permissions. This gives you a clean audit trail and the ability to disable the integration at any time by invalidating the token.

Obtaining a token (older versions / without an API token)

If you are not using a long-lived API token, log in and retrieve the token from the response:

Endpoint: POST {baseUrl}/api/authenticate

Body (JSON):

{
"username": "INTEGRATION.EXTSYSTEM",
"password": "********",
"grant_type": "password"
}

Use the returned token as the Bearer in subsequent calls.

Uploading the document

The document is uploaded as multipart/form-data — the file is sent as binary data in the file field, not as Base64 in JSON.

Endpoint: POST {baseUrl}/api/dms/upload

Body (form-data):

Key

Type

Value

Required

file

File

Binary content of the uploaded file

Yes

filename

Text

Name the document is saved under (e.g. invoice-2026-001.pdf)

Yes

iprocId

Text

ID of the case the document is attached to

Yes

itaskId

Text

Task ID — links the attachment to a specific task. Not needed for uploading to a case.

No

To upload a document to a case, iprocId is enough. Provide the itaskId parameter only when the attachment should be linked to a specific task (e.g. it is displayed on that task's form).

Example — cURL
curl -X POST "https://your-instance.teamassistant.app/api/dms/upload" \
-H "Authorization: Bearer <your_token>" \
-F "file=@/path/to/file/invoice.pdf" \
-F "filename=invoice-2026-001.pdf" \
-F "iprocId=155286"

Example — Node.js (axios + form-data)
const axios = require('axios');
const FormData = require('form-data');
const fs = require('fs');

const baseUrl = 'https://your-instance.teamassistant.app';
const token = '<your_token>';
const iprocId = '155286';

const form = new FormData();
form.append('file', fs.createReadStream('./invoice.pdf'));
form.append('filename', 'invoice-2026-001.pdf');
form.append('iprocId', iprocId);

await axios.post(`${baseUrl}/api/dms/upload`, form, {
headers: {
...form.getHeaders(),
Authorization: `Bearer ${token}`,
},
});

Result

After a successful call, the document is attached to the case iprocId and is available in its documents (DMS). If you provided itaskId, it is also linked to that task.

For security reasons, the token is shown only once when created and cannot be displayed again later. Store it securely on the external system's side. When ending the integration or on suspicion of compromise, invalidate the token in Administration → API tokens.

Frantisek Brych Updated by Frantisek Brych

DocuSign

DB View

Contact

Syca (opens in a new tab)

Powered by HelpDocs (opens in a new tab)