Skip to content
Trigger

Trigger any workflow
from anywhere, securely

A full REST API for triggering workflows. Custom scoped tokens, IP and domain allowlisting, signature verification, encryption at rest.

Trigger
How it works

From external system to triggered workflow in 4 secure steps

Generate a token with exact scopes. Allowlist source addresses. Every request is authenticated and logged.

1

Long Lived Tokens

Generate a token with the exact scopes

Open the API settings and create an access token for the integration. Pick exactly the scopes it needs: read specific workflows, trigger a category, or full access. Tokens are long lived; rotate or revoke anytime.

  • Long Lived Tokens
  • Custom Scopes
  • Least Privilege
  • Rotate Independently
2

Network Allowlisting

Allowlist IP addresses and domains

Configure which IP ranges and domains can use each token. The production integration gets allowlisted with its ranges, the partner service with theirs, dev with the office. Tokens from elsewhere are rejected.

  • IP Allowlisting
  • Domain Allowlisting
  • Per Token Scoping
  • Leak Resistant
3

REST API Endpoints

Trigger workflows programmatically

The REST API exposes endpoints for triggering any workflow from any external system. Send a request with the payload, the platform validates token and scope, the workflow fires, the response returns the run ID.

  • REST Endpoints
  • Programmatic Triggers
  • Run Tracking
  • Predictable Responses
4

Multi Layer Security

Secured end to end at every layer

Every incoming webhook gets signature verification, so events that did not come from your source are rejected before any workflow runs. Rate limiting protects downstream systems; secrets are encrypted at rest.

  • Signature Verification
  • Multi Layer Rate Limits
  • Encryption at Rest
  • Audit Logged
Why Teams Choose REVO

Six reasons security teams approve quickly

With a REST API, scoped tokens, allowlisting, webhook signatures, rate limits, and encryption, security becomes routine.

Trigger any workflow programmatically

Trigger any workflow programmatically

Every workflow can be triggered through the REST API. The internal onboarding app, the partner service, and the scheduled job all become sources.

Long lived tokens with custom scopes

Long lived tokens with custom scopes

Each token has exactly the permissions the integration needs. A token that only triggers one workflow cannot list others. Least privilege by default.

Network controls at every entry point

Network controls at every entry point

IP and domain allowlisting per token means a leaked credential is not enough; the caller also needs the right network. A stray token becomes useless.

Trusted signature verification on every webhook

Trusted signature verification on every webhook

Every incoming webhook gets verified against the signed signature, so fake events from a guessed address get rejected before any workflow runs.

Rate limits protect every layer

Rate limits protect every layer

API layer rate limits protect the platform from runaway clients; workflow layer limits protect downstream systems from a runaway workflow.

Encryption at rest for everything sensitive

Encryption at rest for everything sensitive

Every variable, secret, and credential is encrypted at rest with workspace specific keys. The security review closes in a single meeting.

Who uses REVO API & security
Deepak MehrotraDeepak MehrotraDeepak MehrotraDeepak Mehrotra

7600+

Teams integrating with
Revo through the secure REST API

Built for teams who treat security as a feature, not an afterthought

Platform engineering teams, security teams, infrastructure leads, automation engineers, and founders selling into regulated industries use Revo's REST API and security layer.

REST

API

Custom

Scopes

Encrypted

at Rest

Network

Controls

API Surface

REST endpoints, tokens, scopes

A full REST API for triggering workflows, listing and managing them, retrieving runs and logs, handling webhooks. Long lived tokens with custom scopes give each integration what it needs.

Features

Everything the API and security layer ships with

A complete API and security toolkit. REST API, scoped tokens, allowlisting, signatures, rate limits.

Full REST API

REST endpoints for triggering any workflow, listing and managing workflows, retrieving runs and logs, and configuring webhooks.

Long Lived Tokens with Custom Scopes

Generate long lived tokens with the exact scopes each integration needs: read, trigger, or full access. Each rotates on its own.

IP and Domain Allowlisting

Configure which IP ranges and domains can use each token. A leaked credential is no longer enough the caller must be in the right place on the network.

Trusted Signature Verification

Every incoming webhook is verified against the signed signature before any workflow runs. Fake events get rejected at the door.

Multi Layer Rate Limiting

Rate limits at the API layer protect the platform from runaway clients. Workflow layer limits protect downstream systems.

Variable Encryption at Rest

Every variable, secret, and credential is encrypted at rest with workspace keys. The compliance question gets a clear answer.

Questions & Answers

Everything you need to know

Common questions about REST endpoints, token scopes, allowlisting, webhook signatures, and encryption.

The REST API exposes every standard operation a team integrating with Revo could need: triggering any workflow with a payload, listing all workflows, fetching run history, retrieving full execution logs, managing webhook destinations, querying the analytics metrics that drive the dashboard, and managing tokens and allowlists. Every endpoint follows REST conventions with predictable patterns and consistent error handling.
Scopes are picked from a clear list when the token is generated, and the token can only do what its scopes permit. Common scopes include reading specific workflows, triggering specific workflows, reading logs, managing webhooks, and full workspace access. The team composes narrow scopes by selecting only what the integration needs, so a token that should only trigger one workflow really can only trigger that one.
Each token has its own allowlist of IP address ranges and domains permitted to use it. When a request arrives, the platform checks both the source address and domain against the allowlist before checking the token itself. Requests from outside are rejected with a clear error and logged. The production integration gets allowlisted to its ranges, and a token that ends up somewhere it should not be is useless.
When a webhook source sends an event, it attaches a signed signature computed from the payload and a shared secret known to both sides. The platform recomputes the signature and rejects the request if the values do not match. Fake events from a guessed address get rejected before any workflow runs, and the rejected events are captured in the trigger log. Verification happens automatically with native providers.
Rate limits apply at two layers and both are configurable. API layer limits protect the platform from a misbehaving client and can be set per token for calls per second, minute, and day. Workflow layer limits protect downstream systems from a workflow that suddenly fires thousands of times a minute. When a limit is hit, the platform returns a clear response so the caller can back off.
Every variable, secret, credential, and piece of sensitive data the workspace stores is encrypted at rest using industry standard encryption with workspace specific keys. The encryption applies to data on disk, in backups, and being replicated, so protection is consistent everywhere. Workspace specific keys isolate workspaces cryptographically, and the keys are managed through a service that handles rotation.
Revo · AI workflow automation

Describe the workflow, Revo builds it across 1,000+ apps.

Write an automation in plain English and Revo connects your tools, then sends AI agents to take action while you sleep.

1,000+
app integrations
99.9%
workflow uptime
0
lines of code to build
10x
faster than manual
Worksbuddy© 2026 Worksbuddy