Questetra provides a [Message Catch Event API] that can start a Workflow automatically, and APIs for controlling User and Work resources. To use applications that rely on OAuth2 authorization or Basic authentication, a user with [System Administration] authority needs to register the application in the system.
1. Overview of Development of External Applications Utilizing OAuth2 Authorization or Basic Authentication
- a. Workflow API
- APIs for developing applications to register new Issues or to operate undertaken Tasks.
- b. System Settings API
- APIs for developing applications to add new User Accounts or to change affiliations.
- Currently, Questetra responds to API communication that uses "OAuth 2.0" or "Basic Authentication".
- The contents of the API response will vary depending on the User Account (e.g. [My Tasks] list)
- OAuth communication does not pass the password information to the external application
- Basic authentication communication (RFC2617) passes the password information to the external application
2. Get the External Application
- a. In-house Developed Applications
- Develop in-house applications using the API documentation
- b. Get Third-party Applications
- Download the apps from trusted developers
- You can develop applications for a variety of platforms, for example, Android apps, iOS apps, browser extensions, system batches, etc.
- You can develop applications with a variety of functions, for example, applications to detect the occurrence of specific business processes, management applications to change a User's affiliation, etc.
- Questetra does not respond with the 401 error code that requests Basic Authentication (WWW-Authenticate header)
- The [API Password], which is in the [Account Settings] of each User, is used for Basic Authentication communication
- After signing in to your Workflow platform (Questetra) you can refer to the Workflow API / System Settings API manual and execute a test from the side menu [API Manual]
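Because Questetra does not send a 401 / WWW-Authenticate challenge, a client has to attach its Basic credentials to the first request instead of waiting to be asked. The following is an added example, not Questetra's code or part of the original page: a local stub server stands in for the API, and the 403 status, the `/stub` path, and the sample credentials are assumptions made for the demo.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values; load a real [API Password] from a secret store.
USER_ID, API_PASSWORD = "user@example.com", "constructed-api-password"
EXPECTED = "Basic " + base64.b64encode(f"{USER_ID}:{API_PASSWORD}".encode()).decode()
NO_PROXY = urllib.request.ProxyHandler({})  # keep loopback traffic off any proxy

class NoChallengeStub(BaseHTTPRequestHandler):
    """Local stand-in that never sends a 401 / WWW-Authenticate challenge."""
    def do_GET(self):
        ok = self.headers.get("Authorization") == EXPECTED
        body = b"ok" if ok else b"denied"
        self.send_response(200 if ok else 403)  # 403 is this stub's assumption
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # silence per-request logging

def _status(opener, request):
    try:
        with opener.open(request, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def challenge_based_get(url):
    """urllib's handler sends credentials only in reply to a 401 challenge."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, USER_ID, API_PASSWORD)
    auth = urllib.request.HTTPBasicAuthHandler(mgr)
    return _status(urllib.request.build_opener(NO_PROXY, auth), url)

def preemptive_get(url):
    """Attach the Authorization header to the very first request."""
    req = urllib.request.Request(url, headers={"Authorization": EXPECTED})
    return _status(urllib.request.build_opener(NO_PROXY), req)

def run_demo():
    with HTTPServer(("127.0.0.1", 0), NoChallengeStub) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            url = f"http://127.0.0.1:{server.server_port}/stub"
            return challenge_based_get(url), preemptive_get(url)
        finally:
            server.shutdown()
```

`run_demo()` returns the status seen by the challenge-based client followed by the status seen by the preemptive client. The loopback demo uses plain HTTP; because Basic authentication sends the password with every request, real API calls should go over HTTPS.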
3. Enable External Applications
- a. Register OAuth Apps
- Enable response to API requests from registered applications
- b. Enable Basic Authentication Communication
- Enable response to API requests through Basic Authentication
- Your "Consumer Key" and "Consumer Secret" are required for registering OAuth applications
4. Monitor the External Application and Stop as Necessary
- a. Revoke the Authorization of an OAuth App
- Individually delete the communication authorization of each approved user from the [OAuth Token List]
- b. Delete OAuth Apps
- Delete the registration of OAuth applications to disable communication with Questetra
- c. Forbid Basic Authentication Communication
- Disable all Basic Authentication Communication
- You can check the usage of OAuth communication, both at user level and at application level (token expiration, etc.)
- You cannot monitor or limit Basic Authentication communication at an application level (measures such as periodic password changes will be needed)
- ID information used for Basic Authentication communication is recorded in the [System Log] (M313)