Balancing adoption of AI with governance and security is more important than ever. Workato helps organizations accelerate AI initiatives with MCP, enabling businesses to connect AI agents to enterprise systems securely. Other security enhancements in this product update include mTLS, OAuth 2.0 token introspection, and key pair authentication for Snowflake.
Workato MCP
Govern and Accelerate AI Adoption with Remote MCP Servers
Workato ONE
Workato API Collections can now be exposed as Remote Model Context Protocol (MCP) Servers, allowing integration with AI agents and LLM-powered tools like Claude, Cursor, and Windsurf.
What is MCP?
Model Context Protocol (MCP) is an open standard developed by Anthropic that standardizes how AI agents discover, connect to, and invoke tools and services. MCP helps organizations maintain enterprise security standards while allowing AI to access business-critical systems.
Key Benefits
Now that Workato API Collections can be exposed as remote MCP servers, you can ensure logging, security and governance for all AI Agents in your organization. And, accelerate AI adoption by reducing the time-to-value for AI initiatives from months to hours by reusing existing integrations.
This means:
- Remote MCP server support: Convert existing API Collections into MCP-compatible servers instantly.
- Unified MCP server catalog: Discover all MCP servers in one place.
- Zero rework required: Use existing API recipes and collections without rebuilding.
- Multi-platform support: Works seamlessly with Claude, Cursor, Windsurf, and other MCP-compatible clients.
- Secure proxy infrastructure: All requests to external servers are proxied through Workato, ensuring security and governance.
- 1000s of applications: Workato can integrate with 1000s of enterprise applications. Now you can compose a MCP server using them!
AI in Workato
See a Comprehensive Picture of your Workspace Health
All Plans
Developer APIs for Performance Copilot’s recipe health scans are available. Recipe health scan APIs allow administrators to programmatically trigger and retrieve health scans for recipes across their entire workspace. While Performance Copilot is a valuable tool for builders designing recipes, these new APIs give administrators a comprehensive view of how existing production recipes can be optimized.
These APIs allow you to:
- Identify areas for optimization: Understand which projects and recipes require attention to improve cost and performance.
- Spot potential security concerns: Be aware of any security vulnerabilities within recipes.
- Address deprecated actions: Pinpoint recipes using deprecated actions that need to be restructured.
- Integrate with existing tools: Bring these valuable reports into work management systems like Jira and build dashboards for a holistic view of production recipe health.
See the docs for more information and key endpoints.
API Management
API Platform Enhancements: Mutual TLS (mTLS) and OAuth 2.0 Token Introspection Support
Business. Enterprise, and Embedded
Significant advancements in the API Platform’s enterprise security capabilities have been introduced with the release of OAuth 2.0 token introspection and Mutual TLS (mTLS) authentication support.
Mutual TLS (mTLS) Authentication Support
For our enterprise customers, especially those in government or highly regulated industries like healthcare, finance, and manufacturing, mutual TLS (mTLS) is an important security feature. It provides two-way authentication, ensuring that both the client and server verify each other’s identity.
Key mTLS features include:
- Client-level mTLS enforcement: Flexibly enforce mTLS for API clients, with support for granular validations of client certificate attributes.
- Truststore: Manage certificates in the new Truststore, featuring automated email reminders for expiring certificates and certificate management. Developer API support is also available.
This feature is available to all API Platform users, with custom API domains as a prerequisite.
Support for OAuth 2.0 Token Introspection
This new authentication method allows the gateway to validate access tokens issued by external identity providers (IdPs). It extends OpenID Connect support and broadens compatibility with a wider range of security architectures, facilitating smoother integrations and enterprise migrations.
Builder Experience
Build Efficiently with Formula Lookup in Data Tables
All Plans
Good news! You can now perform direct lookups on Data Tables in formula mode, just as you have been doing with Lookup Tables.
data_table_lookup('Project Name/Folder Name', 'Reference Table', 'field': criteria) → data_table_lookup('HR/Onboarding', 'Candidates', 'Name': 'Kristina')
This makes recipe building cleaner, faster, and more maintainable, especially when working with multiple lookups. Instead of adding several search or get actions—each increasing recipe length and task count—you can now retrieve values inline, directly within action fields.
A More Flexible approach to Table Management
All Plans
A new set of public-facing APIs allows for a more flexible approach to Data Tables management at scale. These APIs are designed to give users the tools needed to create, modify, and manage their Data Tables outside of the Workato platform. They also support operations such as truncating Data Tables and managing metadata. Additionally, these Data Table APIs are fully embed-compatible for seamless support.
Connectivity
Enhanced XML Tools: XSD Validation and XSLT 2.0 Support
All Plans
Catch data structure issues earlier and with greater precision with two significant XML Tools enhancements: XSD validation support and XSLT 2.0 processing. To achieve this, a new Java-based microservice was developed specifically for XML processing. Java’s robust and actively maintained XML libraries provide for more advanced and reliable capabilities. This new service not only unlocks full XSLT 2.0 support but also introduces native XSD schema validation, making it easier to spot issues.
Start using Key Pair Authentication for Snowflake Now
All Plans
To help users prepare for Snowflake’s deprecation of single-factor password authentication in November 2025, Key Pair Authentication was released as a secure alternative to traditional username/password connections. Early adoption of Key Pair Authentication is encouraged to ensure a smooth migration before the November 2025 deadline.
What’s new:
You can now select “Key Pair Authentication” from the connection configuration page under “Authentication type.” When selected, two new fields will appear—private key and private key passphrase.
Both unencrypted and encrypted keys are supported to meet security and compliance needs.
Connectivity Updates: New Connectors and Enhancements
All Plans
Check out the community connector and platform connector blogs in the Product Hub.
Stay tuned for June
We hope you found this month’s updates exciting, and continue to discover new ways to Workato!
To read about these updates as they are released, check out our Changelog.