Questetra provides a [Message Catch Event API] that can start a Workflow automatically, and APIs that can control User and Work resources. Before applications that use OAuth2 authorization or Basic Authentication can be used, a User with [System Administration] authority must register the application in the system.
1. Overview of Development of External Applications Utilizing OAuth2 Authorization or Basic Authentication
- a. Workflow API
- APIs for developing applications to register new Issues or to operate undertaken Tasks.
- b. System Settings API
- APIs for developing applications to add new User Accounts or to change affiliations.
- Currently, the API communication methods that Questetra supports are OAuth2.0 and Basic Authentication
- The contents of the API response will vary depending on the User Account (e.g. [My Tasks] list)
- OAuth communication is a method that does not pass the password information to the external application
- Basic authentication communication (RFC2617) passes the password information to the external application
2. Get the External Application
- a. In-house Developed Applications
- Develop in-house applications using the API documentation
- b. Get Third-party Applications
- Download applications from trusted developers
R3172: Workflow API (for Quick Demo Platform)
R3173: System Settings API (for Quick Demo Platform)
R3175: Response Errors List (Workflow API & System Settings API)
- You can develop applications for a variety of platforms, for example, Android apps, iOS apps, browser extensions, system batches, etc.
- You can develop applications with a variety of functions, such as detecting the occurrence of specific business processes or changing a User's affiliation
- Questetra does not respond with the error code (401) that requests Basic Authentication (WWW-Authenticate header)
- For Basic Authentication communication, the [API Password] in [Account Settings] of the respective User is used
- After signing in to your Workflow platform (Questetra) you can refer to the Workflow API / System Settings API manual and execute a test from the side menu [API Manual]
3. Enable External Applications
- a. Register OAuth Applications
- Enable response to API requests from registered applications
- b. Permit Users to access with Basic Authentication
- Enable response to API requests through Basic Authentication by permitted Users
System Settings – API Clients
System Settings – User List
- The password for Basic Authentication is separate from the password used for normal sign-in
- [Account Settings]>[Password]>[API Password]
- Not displayed for Users who are forbidden Basic Authentication
- If you access the system without authentication, the server does not return the response (header: WWW-Authenticate) indicating that Basic Authentication is necessary
- For an OAuth App (OAuth2 Client), register the external application's name and redirect URL to have the ClientID issued
- In the settings of an external application, "any" or "read" should be specified for Scope settings
- "Authorization Endpoint URL": "https://{YOUR-DOMAIN}.questetra.net/oauth2/authorize"
- "Token Endpoint URL": "https://{YOUR-DOMAIN}.questetra.net/oauth2/token"
- Only the Authorization Code Grant Type is supported. The Access Token is valid for 12 hours and the Refresh Token for 30 days
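The Authorization Code exchange against the endpoints, Scope values and token lifetimes listed above, as an added example that is not Questetra's own code. Assumptions: `example` stands in for {YOUR-DOMAIN}, the function names are hypothetical, and the `state` parameter and optional `client_secret` follow RFC 6749 rather than anything stated on this page.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

BASE = "https://example.questetra.net/oauth2"  # "example" stands in for {YOUR-DOMAIN}
AUTHORIZE_URL, TOKEN_URL = BASE + "/authorize", BASE + "/token"
ACCESS_TTL, REFRESH_TTL = 12 * 3600, 30 * 24 * 3600  # lifetimes stated on this page


def build_authorize_url(client_id, redirect_uri, scope="read"):
    """Return (url, state); store state in the user's session for the callback."""
    if scope not in ("any", "read"):
        raise ValueError("scope must be 'any' or 'read'")
    state = secrets.token_urlsafe(32)  # unguessable value binding the callback to this session
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting a missing or mismatched state."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "code" not in params:
        raise ValueError(params.get("error", ["no code in callback"])[0])
    return params["code"][0]


def token_request_body(code, client_id, redirect_uri, client_secret=None):
    """Form body to POST to TOKEN_URL over HTTPS."""
    body = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri, "client_id": client_id}
    if client_secret:  # assumption: a secret was issued and is accepted in the body
        body["client_secret"] = client_secret
    return urlencode(body)


def next_action(access_issued, refresh_issued, now=None, skew=60):
    """Choose between using, refreshing or re-authorizing, with a safety margin."""
    now = time.time() if now is None else now
    if now - access_issued < ACCESS_TTL - skew:
        return "use_access_token"
    if now - refresh_issued < REFRESH_TTL - skew:
        return "refresh"
    return "reauthorize"
```

Request "read" unless the application has to modify data, and keep the tokens and any client secret out of logs and source control.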
4. Monitor the External Application and Stop as Necessary
- a. Disable OAuth Application
- Deactivate connection from OAuth application to disallow communication with Questetra
- b. Delete OAuth Applications
- Delete the registration of OAuth applications to disable communication with Questetra
- c. Forbid Basic Authentication Communication
- Forbid Basic Authentication for each User
- You can control OAuth communication per application
- You cannot monitor or limit Basic Authentication communication at the application level (periodically changing the password, etc. is recommended)