Configuring Callouts
|
NOTE Ensure that a Sentinel Connect client is configured before adding a callout. For details, see Configure Client.
|
What Is a Callout?
Callouts are programmable integration points that allow Sentinel Connect to interact with external systems or custom components before the key stages in the Sentinel Connect workflow. These stages include customer and user handling, entitlement creation, update and activation. Callouts extend the built-in Sentinel Connect workflow by invoking external systems or custom component URLs to retrieve additional information or post data before actions are executed in Sentinel EMS. This enables integration with third-party systems, such as front-office or back-office systems, and external Identity Providers (IDPs). For example, if you want to send data to your financial system when creating an order, you can do so using a callout in Sentinel Connect.
Use Cases for Callouts
Before callouts, Sentinel Connect could only use data from ERP systems in a fixed workflow limited to Sentinel EMS operations. Any integration with external systems, required custom connectors for each operation. With the introduction of callouts, Sentinel Connect can now communicate directly with external systems and custom components using configurable, no-code setups. This eliminates the need for custom connectors and enables more flexible, maintainable workflows.
Callout Execution Modes
Callouts use GET and POST methods to send and retrieve data. These methods support both synchronous and asynchronous calls for callout execution, depending on whether the Sentinel Connect workflow waits for a response before proceeding:
>Synchronous (Wait for Response): Sentinel Connect waits for a response from the external system before continuing the workflow. Use this mode for operations when the external system’s response is critical for the next workflow step. For example: validating a customer's CRM IDs before initiating order creation.
>Asynchronous (Fire and Forget): Sentinel Connect triggers the callout but does not wait for a response. The workflow continues as soon as the callout is sent. Use this mode for operations where the external system's response is not needed to proceed to the next step in the workflow, allowing the workflow to continue without delay. For example: notifying billing systems about a completed transaction.
Supported Callout Activities and Triggers
An activity refers to the specific operation being performed in the Sentinel Connect workflow, and the callout transmits data based on the type of activity, such as Entitlement Creation.
A trigger is the event that causes the callout to be initiated, such as Before Customer Handling. Each activity contains predefined set of trigger points to invoke callouts. The available callout triggers depend on the selected activity. Depending on the activity, you can trigger up to two callouts.
The following table lists the supported callout activities and triggers in Sentinel Connect along with example use cases:
| Supported Activity | Supported Trigger | Example Use Case |
|---|---|---|
| Entitlement Creation | Before Entitlement Creation |
Validate the product code against a product catalog system before creating the entitlement. |
| Before Customer Handling | Check if the customer record exists in the CRM system before proceeding with customer handling. | |
| Before Users Handling | Verify the user’s status in the identity management system before linking the user. | |
| Before Activation | Confirm readiness of the cloud service before triggering entitlement activation. | |
| Entitlement Update | Before Entitlement Update | Validate the updated product configuration against business rules before applying the changes. |
| Before Customer Handling | Push updated customer info to the CRM system before applying entitlement changes. | |
| Before Users Handling | Verify user roles and access permissions using the external access control system before updating entitlement data. |
NOTE Callouts are used to trigger actions before an activity takes place. For any actions that need to be performed after the activity, use Webhooks and Events
Adding Callouts
You can add a callout from the Callouts page.
To add a callout:
1.From the navigation pane, select Callouts to view the Callouts page.
2.Click the Add Callout button. The Add Callout page is displayed.
3.Fill in the callout attributes as described in the following sections and click Save.
Callout Definition
The following properties define the callout:
| Attribute | Description | Required/ Optional | Valid Values |
|---|---|---|---|
| Client |
Name of the Sentinel Connect client for whom the callout is being added. >Administrator accounts: When logged in as an administrator, a list is displayed showing all existing clients. >Client Admin accounts: When logged in as a client administrator, the list is pre-populated with the associated client accounts and cannot be edited. |
Required |
Select from the list of client names of Sentinel Connect clients. |
| Name | Name of the callout. | Required | Maximum: 200 characters |
| Activity | Specifies the step in the workflow during which the callout is executed. | Required |
Possible Values: >Entitlement Creation >Entitlement Update |
| Callout Trigger | Specifies the event point within the selected activity where the callout is triggered, just before the event occurs. | Required | Possible Values:
>Before Activation >Before Customer Handling >Before Entitlement Creation >Before Entitlement Update >Before User Handling
|
| URL | The target endpoint URL where you send the callout request. | Required |
>Maximum : 200 characters >Alphanumeric > Must start with: http:// or https:// > A valid domain name (For example: example.com) > May optionally include www. >May include optional path or query parameters >For example: /https?:\/\/(www\.)?[-\w@:%.~#=]{1,256}\.[a-zA-Z]{2,}(\/[\w@:%.~#?&=]*)?/ |
| Requires Authentication | Specifies if credentials are needed to access the callout URL. | Optional | Possible Values:
'Yes' or 'No' Default Value: Yes |
Authentication Setup
NOTE Visible only when you set Requires Authentication to 'Yes'.
The following properties specify the user authentication:
| Attribute | Description | Required/ Optional | Valid Values |
|---|---|---|---|
| Authentication Type |
Type of authentication profile, which specifies the authentication method used by Sentinel Connect to authenticate client requests when working with the Sentinel Connect callouts. Possible Values: >Basic: Requires you to specify verified user name and password with your request. >OAuth: Uses the Client Credentials grant type. This requires you to specify client ID, client secret, and access token URL with your request. |
Required | Possible Values:
>Basic >OAuth Default Value: Basic |
| Basic | |||
| Username | User name for the client application. | Required |
>Maximum: 200 characters >Alphanumeric |
| Password | Password for the user name you provided. | Required | Maximum: 200 characters |
| Verify Credentials |
Specifies whether to validate the authentication setup. >When set to Yes, Sentinel Connect validates the credentials by sending a basic authentication request to the server specified in the Verification URL before creating the authentication setup. >When set to No, Sentinel Connect creates the authentication setup without validating the credentials. |
Optional |
>Possible Value: 'Yes' or 'No' >Default: No |
| Verification URL |
(Visible only when Verify Credentials is set to 'Yes'.) The URL that is used to the validate the authentication setup of the client. |
Required |
>Maximum : 200 characters >Alphanumeric > Must start with: http:// or https:// > A valid domain name. For example: example.com > May optionally include www. >May include optional path or query parameters >For example: /https?:\/\/(www\.)?[-\w@:%.~#=]{1,256}\.[a-zA-Z]{2,}(\/[\w@:%.~#?&=]*)?/ |
| OAuth Specify OAuth 2.0 details that a client requires to request an authentication token from the authorization server. | |||
| Grant Type | Specifies the method used to request an access token based on the client’s credentials. | Required | Default Value: 'Client Credentials' |
| Client ID | The unique identifier of the client application, used to identify the client during the authentication process and to authorize access to the target service or URL. | Required |
>Maximum: 200 characters >Alphanumeric |
| Client Secret | A secret that is confidential to the application and the authorization server to access the target URL. | Required |
>Maximum: 200 characters >Alphanumeric |
| Access Token URL | URL of the authorization server that issues the token using the client ID and client secret. A request is sent to this URL with the given credentials. | Required |
>Maximum : 200 characters >Alphanumeric > Must start with: http:// or https:// > A valid domain name (For example: example.com) > May optionally include www. >May include optional path or query parameters >For example: /https?:\/\/(www\.)?[-\w@:%.~#=]{1,256}\.[a-zA-Z]{2,}(\/[\w@:%.~#?&=]*)?/ |
Request Configuration
The following properties specify the request configuration:
| Attribute | Description | Required/ Optional | Valid Values |
|---|---|---|---|
| Method | Specifies the HTTP method used to send the request. | Required |
Possible Values: >GET >POST |
| Request Payload |
(Visible only if Method is set to POST.) Specifies the body content sent with the HTTP request. Click on Parse Payload to validate the payload format and automatically structure it as a properly formatted JSON object. This ensures that the request body is syntactically correct before submission. |
Required |
JSON value. For example: >Dynamic Payload: {"Key": "${value}"} >Static Payload: {"Key": "Value"} |
| Type |
(Visible only if Method is set to POST.) Specifies the data format used in the request body. Note: Sentinel Connect supports only JSON format. |
Required | JSON |
| Query Parameter |
Specifies key-value pairs passed to the target URL. Each query parameter consists of a: >Key: Specifies the name of the parameter added to the URL query string. >Value: Specifies the dynamic value associated with the key. You can use: >
> > + Add Query Parameters to add a new key-value pair. |
Optional |
>Maximum: 10 query parameters >Key: Parameter name. For example: entitlement, date >Value: Select the mapped values from the list available. For example, EID, startDate |
to add a parameter from the list displayed. 
to delete a pair.Response Configuration
Response configuration in Sentinel Connect is needed only for synchronous calls. When Wait for Response is set to 'Yes', the response configuration properties are displayed and you can configure the properties as needed.
The following properties specify the response configuration:
Callout Status
The Status attribute available on the Callouts page specifies the status of a callout:
Enabled: When a callout is first created, it is saved as enabled that you can edit, disable or delete.
Disabled: A disabled callout cannot be updated. You can enable a disabled callout when needed.
Actions for a Callout
The following table lists the actions available for callouts:
| Action | Description | |
|---|---|---|
 |
Edit |
Updates information for a callout. |
 |
Delete |
Deletes a callout. |
|
Disable | Disables a callout. The callout can no longer be edited. |
 |
Enable | Enables a disabled callout. |
FAQs and Troubleshooting
Question 1: Why don’t I see the Before Activation callout trigger when selecting Entitlement Update?
Answer: The Before Activation callout trigger is only applicable to the Entitlement Creation activity. It is designed to execute before the first activation of a newly created entitlement. Activation applies to continuation orders—additional orders placed to activate or renew licenses on an already activated key. When you select Entitlement Update activity, the system assumes the entitlement already exists and may have already been activated, making the Before Activation callout trigger no longer relevant. Therefore, it does not appear as an available option for the Entitlement Update activity.
Question 2: What happens if the callout exceeds the timeout duration?
Answer: If a callout exceeds the timeout duration, the error is logged in Sentinel Connect transaction log and sends a response back to the ERP system. When Abort if request times out is selected on timeout, the transaction stops immediately, but any actions completed before the timeout are not rolled back.
For example: If the callout times out before entitlement creation, any customer or user records already created remain, but the entitlement itself does not get created.
Question 3: Why do I see a callout failure in the transaction log even though the entitlement was successfully created, and what should I do in this case?
Answer: If the transaction log shows a callout failure but the entitlement is created, it means the callout failed after entitlement creation and the operation wasn’t aborted due to the current timeout or error handling configuration. Since the process did not fully abort, Sentinel Connect does not retry failed callouts automatically, you need to handle the failure manually—review the error, fix any issues, and complete any pending steps outside Sentinel Connect.