System collaboration that calls the REST API of another service by sending an HTTP request from Questetra is one of the common cases.
In such case, an HTTP request is sent by using either of
on the Questetra side.
And in many cases, OAuth2 is used for the authentication.
Although there are several types of OAuth2, if you use Authorization code as its grant-type, you can correspond by only settings on the Questetra side.
In this article, I will describe how to set up OAuth2.
1: Overview of the procedure
Overview of the setting procedure is as follows.
- Preparation on the side of partner service to be invoked
Setting up using Questetra’s Callback URL, obtaining a Client ID and Secret
- Settings on the side of invoking (Questetra)
Setting up using the endpoint URL of the partner service and Client ID and Secret that have obtained, obtaining a token
- Settings in Questetra for invoking API
Setting up using the OAuth token that has obtained
2: Preparation on the side of partner service to be invoked
On the side of the partner service to be invoked, in advance registration as the client is required. (Sometimes that is referred to as “App registration” etc.)
Upon that, Questetra’s “callback URL” is required. (Sometimes referred to as “redirect URI”)
- In a paid environment
- In a free environment (Starter Plan)
When you complete the registration, as “Client ID”/”Client Secret” (also they may be “Consumer Key” or “APP ID” etc., / “Client Secret Code” or “Consumer Secret” etc.) are displayed, so make a note of those.
3: Settings on the side of invoking (Questetra)
First, open the OAuth setting screen by one of the followings. (The same screen will be displayed regardless of either way.)
- “OAuth 2.0 setting” in the “▼ App” drop-down menu on the App detail screen
- “Set up OAuth 2.0 from here” button in “Security/Custom Header” tab on the property screen of “Throwing Message Intermediate Event (HTTP)”
Click on [add] button to open the details setting screen. (You can confirm the “Callback URL” in this screen.)
Enter to the items respectively and click on [Save].
|Config Name||(Any favorable setting name. To be used for designation later.)|
|Authorization Endpoint URL, Token Endpoint URL||Enter by referring to the manuals of the partner service|
|Scope||It depends on the partner service and API to invoke. There are cases where it is not specified. Separate with space in case of multiple names.|
|Client ID, Consumer Secret||Enter the aforementioned notes you made when registering to partner service.|
Once you have saved the settings, click on the “Get token” button and if you can successfully acquire the token, it is OK. If you can get it, you will see the following display.
If you get an error here, please check whether there is any incomplete setting. If there is no inadequacy even after checking the setting sufficiently, there is also the possibility of Questetra not being capable of in the first place, so please contact us. (Because error details may not be displayed in the current specification.)
4: Settings in Questetra for invoking API
The OAuth token obtained above is used by specifying as the followings respectively.
- “Trowing Message Intermediate Event (HTTP)”
Specify at “Connect with OAuth 2.0” on “Security/Cutom Header” tab.
- “Script Task”
You can use it as the following. (While checking the manual, you should be better to refer to the source code of the published Service Task definition (Add-on XML).)
var token = httpClient.getOAuth2Token( XXX_OAuth Config Name_XXX ) httpClient.begin().bearer(token)
- “Service Task definition (Add-on XML)”
Specify at “OAuth2 Setting Name” etc. (The config item name is just an example as it depends on the specification of the Service Task definition (Add-on XML).)
I suppose now you understand how to set up OAuth2.
Although there are some difficult parts, those are necessary to connect with various services. I hope you to learn it by all means.
If you have any questions, please feel free to contact us through the inquiry form.