Calling the trendy “Mastodon” API from Cloud BPM

I made a trial to call APIs of "Mastodon" from Questetra, a Cloud-based BPM Workflow. Also, tried the same to Twitter's APIs.

 

Hi, there!
My posts so far are HERE.

Mastodon is a short messaging SNS service / free software of “decentralized type” with which anyone can operate SNS freely -much like Twitter.

“Mastodon”, often heard recently.

I have not used it so much yet, but they say it is something like a Twitter server that can be built on your own.

Since Mastodon has APIs, I checked whether or not it is possible to call it from Questetra.

* Even though there might not be a demand for its use for now, it could be used as a marketing tool when Mastodon is more widely spread.

Also, I made a comparison with the APIs of Twitter, which can be said is the origin of Mastodon, since it has been famous for a long time. (I suppose there are a lot of people who tried out calling Twitter APIs when testing a web API).

There are four types of OAuth 2 grant_type (method to get tokens), and Mastodon seems to work with authorization_code and password out of those four. (Whereas, only client_credentials is available in Twitter.)
* It is unconfirmed whether or not it corresponds to other grant_types. Also, note that the grant_type of password is generally not recommended, so please be aware of that as well.

Reference: 4 types of the grant_type specified in OAuth 2
・Authorizaton Code Grant (authorization_code)
・Implicit Grant (implicit)
・Resource Owner Password Credentials Grant (password)
・Client Credentials Grant (client_credentials)

Let’s try connecting Questetra and Mastodon for each of these two grant_types.

 

We are going to use “Throwing Message Intermediate Event (HTTP)” of Questetra.
We are going to use “Throwing Message Intermediate Event (HTTP)” of Questetra.
This is a function that allows you to send an HTTP request in the middle of a flow, and it is possible to set connection by OAuth 2 (grant_type is authorization_code). If this is available to call the APIs, you don’t need programming.
Details on how to do the setting will be described later.

* Document for “Throwing Message Intermediate Event (HTTP)”
M225 AUTO EVENT Auto Sending of HTTP Request with Business data Inserted

 

First of all, we will make client registration to Mastodon as follows.

curl -X POST -sS https://{HOST NAME}/api/v1/apps -F "client_name={CLIENT NAME}" -F "redirect_uris=https://fs.questetra.net/oauth2callback" -F "scopes=read write follow"

* Enter the host name of the targeted Mastodon in “{HOST NAME}”
* Enter the name you like in “{CLIENT NAME}”
* You can change “Scope” according to what you want to do, but it must match with the setting to be done later on Questetra side.
* Since client_id and client_secret which can be obtained from processing results are used later, please note them down.

 

For detailed instructions on OAuth setting of “Throwing Message Intermediate Event (HTTP)”, please refer to this article.
* You can go to OAuth setting screen through either of [Set up OAuth 2.0 from here] button of [Connect with the OAuth 2.0] in the [Security / Custom Header] tab on the property screen of “Throwing Message Intermediate Event (HTTP)”, or [OAuth 2.0 Setting] in [▼App] menu.

Name Value
Name (set a name of your choice , it will be used later)
Authorization Endpoint URL https://{HOST NAME}/oauth/authorize
Token Endpoint URL https://{HOST NAME}/oauth/token
Scope read write follow (choose it according to what you want to do)
Client ID (Acquired at the time of client registration)
Client Secret (Acquired at the time of client registration)

* Enter the host name of the target Mastodon in “{HOST NAME}”

The setting value of OAuth is as follows. Click on [Get Token] button.

 

The setting for “Throwing Message Intermediate Event (HTTP)” to call the API to post a message is as follows.

Name Value
Network Settings: URL https://{HOST NAME}/api/v1/statuses
Security / Custom Header: Connect with the OAuth 2.0 (OAuth setting name as before)
Send Parameter Settings status: (Words you want to post)
When calling the APIs with “Throwing Message Intermediate Event (HTTP)”, we recommend that you prepare two String type Data Items and set them as shown below in order to get detailed information when something goes wrong.

  • Network Settings: String type data item that will contain error details when an error occurred
  • Response Settings: check on [Save the Response[ and specify [Data item to save the response]

 


For grant_type password, use “Script Task” of Questetra. Details of setting will be described later.

* Document for “Script Task”
M230 AUTOMATED STEP Auto Executing Complicated Data Processing (ECMAScript)

 

First of all, we will do the client registration to Mastodon as follows.

curl -X POST -sS https://{HOST NAME}/api/v1/apps -F "client_name={CLIENT NAME}" -F "redirect_uris=urn:ietf:wg:oauth:2.0:oob" -F "scopes=read write follow"

* Enter the host name of the targeted Mastodon in “{HOST NAME}”
* Enter the name you like in “{CLIENT NAME}”
* You can change “Scope” according to what you want to do, but it must match with the settings to be done later on Questetra’s side.
* Since client_id and client_secret which can be obtained from processing results are used later, please note them down.

 

In the “Script Task”, it retrieves an access token, and calls the URL for posting. A sample code is shown below. Enter the appropriate values in between the braces ({}).

var message = data.get("3");
var clientId = "{CIENT ID}";
var secret = "{CLIENT SECRET}";
var accessLog = "";

var uriToken = "https://{HOST NAME}/oauth/token";
var response = httpClient.begin()
.formParam( "grant_type", "password" )
.formParam( "client_id", clientId )
.formParam( "client_secret", secret )
.formParam( "scope", "write read follow" )
.formParam( "username", "{LOGIN USER NAME}" )
.formParam( "password", "{LOGIN PASSWORD}" )
.post( uriToken );
accessLog += "---POST request--- " + response.getStatusCode() + "\n";
accessLog += response.getResponseAsString() + "\n";
var oauthTokenObj = JSON.parse( response.getResponseAsString() );
var oauthToken = oauthTokenObj.access_token;
accessLog += "oauthToken: " + oauthToken + "\n";

var uriExecute = "https://{HOST NAME}/api/v1/statuses";
var responseCreate = httpClient.begin()
.bearer( oauthToken )
.formParam( "status", message )
.post( uriExecute );
accessLog += "---POST request--- " + responseCreate.getStatusCode() + "\n";
accessLog += responseCreate.getResponseAsString() + "\n";

retVal.put( "0", accessLog );

For the grant_type of OAuth 2.0 in Twitter, only client_credentials is available.

* Reference material: Twitter Developer Documentation, POST oauth2/token

For grant_type client_credentials, also use “Script Task” of Questetra. Details of setting will be described later.

 

First of all, we will make client registration to Twitter referencing this page. Please note, again, the client_id and client_secret that can be obtained from processing results, since we use them later.
 
In the “Script Task”, it retrieves an access token, and calls the URL for retrieving list. A sample code is shown below. Enter the appropriate values in between the braces ({}).

var clientId = "{CLIENT ID}";
var secret = "{CLIENT SECRET}";
var accessLog = "";

var uriToken = "https://api.twitter.com/oauth2/token";
var response = httpClient.begin()
.formParam( "grant_type", "client_credentials" )
.formParam( "client_id", clientId )
.formParam( "client_secret", secret )
.post( uriToken );
accessLog += "---POST request--- " + response.getStatusCode() + "\n";
accessLog += response.getResponseAsString() + "\n";
var oauthTokenObj = JSON.parse( response.getResponseAsString() );
var oauthToken = oauthTokenObj.access_token;
accessLog += "oauthToken: " + oauthToken + "\n";

var uriExecute = "https://api.twitter.com/1.1/statuses/user_timeline.json";
var responseExecute = httpClient.begin()
.bearer( oauthToken )
.queryParam( "screen_name", "{SCREEN NAME}" )
.queryParam( "count", 3 )
.get( uriExecute );
accessLog += "---GET request--- " + responseExecute.getStatusCode() + "\n";
accessLog += responseExecute.getResponseAsString() + "\n";

retVal.put( "0", accessLog );

 

However, in the case of the access token obtained this way, since it is not associated with the user context, the usable API is limited… Well, it is natural since it did not pass user authentication as in the case of authorization_code.
* Reference material: Twitter Developer Documentation, Application-only authentication

In other words, if you want to call the APIs and post it, it seems that you have to use the previous OAuth 1. But, connection setting in OAuth 1 is not supported in Questetra…
Therefore, if you want to call the APIs and make a post, I think that it is quick to combine it with a cooperation tool such as ifttt. Using ifttt, you can post, etc. To Twitter by sending an email via Questetra, easily.

In this way, I examined collaboration between Questetra and Mastodon and Twitter, focusing on connection in OAuth 2.
I suppose that you can understand that it can be set easily, if grant_type is authorization_code. However, even if grant_type is authorization_code, there are cases where it does not connect well depending on the counterpart… I will tell you about it in another article.

 


When you apply from this web form, you can create a free account for Questetra. All functions including the above are available, so please try it.

FreeQues

 

About Kusaka Tsuyoshi

営業をやってますが、もともとエンジニアなので、プログラミングもやります。
View all posts by Kusaka Tsuyoshi

Recommendations
Prev article - 50. Questetra Tips Automate Processing by Accessing its Own API
Another article - Kusaka Tsuyoshi Tips When You are in Trouble with kintone’s “Workflow Management” (part 2)

Archive

 RSS