Trigger any workflow
from anywhere, securely
A full REST API for triggering workflows. Custom scoped tokens, IP and domain allowlisting, signature verification, encryption at rest.
From external system to triggered workflow in 4 secure steps
Generate a token with exact scopes. Allowlist source addresses. Every request is authenticated and logged.
Long Lived Tokens
Generate a token with the exact scopes
Open the API settings and create an access token for the integration. Pick exactly the scopes it needs: read specific workflows, trigger a category, or full access. Tokens are long lived; rotate or revoke anytime.
- Long Lived Tokens
- Custom Scopes
- Least Privilege
- Rotate Independently
Network Allowlisting
Allowlist IP addresses and domains
Configure which IP ranges and domains can use each token. The production integration gets allowlisted with its ranges, the partner service with theirs, dev with the office. Tokens from elsewhere are rejected.
- IP Allowlisting
- Domain Allowlisting
- Per Token Scoping
- Leak Resistant
REST API Endpoints
Trigger workflows programmatically
The REST API exposes endpoints for triggering any workflow from any external system. Send a request with the payload, the platform validates token and scope, the workflow fires, the response returns the run ID.
- REST Endpoints
- Programmatic Triggers
- Run Tracking
- Predictable Responses
Multi Layer Security
Secured end to end at every layer
Every incoming webhook gets signature verification, so events that did not come from your source are rejected before any workflow runs. Rate limiting protects downstream systems; secrets are encrypted at rest.
- Signature Verification
- Multi Layer Rate Limits
- Encryption at Rest
- Audit Logged
Six reasons security teams approve quickly
With a REST API, scoped tokens, allowlisting, webhook signatures, rate limits, and encryption, security becomes routine.
Trigger any workflow programmatically
Every workflow can be triggered through the REST API. The internal onboarding app, the partner service, and the scheduled job all become sources.
Long lived tokens with custom scopes
Each token has exactly the permissions the integration needs. A token that only triggers one workflow cannot list others. Least privilege by default.
Network controls at every entry point
IP and domain allowlisting per token means a leaked credential is not enough; the caller also needs the right network. A stray token becomes useless.
Trusted signature verification on every webhook
Every incoming webhook gets verified against the signed signature, so fake events from a guessed address get rejected before any workflow runs.
Rate limits protect every layer
API layer rate limits protect the platform from runaway clients; workflow layer limits protect downstream systems from a runaway workflow.
Encryption at rest for everything sensitive
Every variable, secret, and credential is encrypted at rest with workspace specific keys. The security review closes in a single meeting.
7600+
Teams integrating with
Revo through the secure REST API
Built for teams who treat security as a feature, not an afterthought
Platform engineering teams, security teams, infrastructure leads, automation engineers, and founders selling into regulated industries use Revo's REST API and security layer.
API
Scopes
at Rest
Controls
REST endpoints, tokens, scopes
A full REST API for triggering workflows, listing and managing them, retrieving runs and logs, handling webhooks. Long lived tokens with custom scopes give each integration what it needs.
Everything the API and security layer ships with
A complete API and security toolkit. REST API, scoped tokens, allowlisting, signatures, rate limits.
Full REST API
REST endpoints for triggering any workflow, listing and managing workflows, retrieving runs and logs, and configuring webhooks.
Long Lived Tokens with Custom Scopes
Generate long lived tokens with the exact scopes each integration needs: read, trigger, or full access. Each rotates on its own.
IP and Domain Allowlisting
Configure which IP ranges and domains can use each token. A leaked credential is no longer enough the caller must be in the right place on the network.
Trusted Signature Verification
Every incoming webhook is verified against the signed signature before any workflow runs. Fake events get rejected at the door.
Multi Layer Rate Limiting
Rate limits at the API layer protect the platform from runaway clients. Workflow layer limits protect downstream systems.
Variable Encryption at Rest
Every variable, secret, and credential is encrypted at rest with workspace keys. The compliance question gets a clear answer.
Everything you need to know
Common questions about REST endpoints, token scopes, allowlisting, webhook signatures, and encryption.
Describe the workflow, Revo builds it across 1,000+ apps.
Write an automation in plain English and Revo connects your tools, then sends AI agents to take action while you sleep.
- 1,000+
- app integrations
- 99.9%
- workflow uptime
- 0
- lines of code to build
- 10x
- faster than manual