M317 API CONTROL
Last updated Sep 12, 2017

Controlling OAuth2 Authorization and Basic Authentication Access from External Applications

Questetra provides the [Message Catch Event API], which can start a Workflow automatically, and APIs capable of controlling User/Work resources. To use applications that rely on OAuth2 authorization or Basic authentication, a user with [system administration authority] needs to register the application in the system.

Control External Access to [API for Developer]

a. Workflow APIs
APIs for developing applications to register new Issues or to operate undertaken Tasks
b. System Setting APIs
APIs for developing applications to add new User Accounts or to change affiliations

R3170 Basic Authentication

R3174 OAuth 2.0 Configs

R3171 OAuth 1.0 URLs

  • Currently, Questetra responds to API communication over “OAuth 2.0”, “OAuth 1.0 (deprecated)”, or “Basic Authentication”.
  • The contents of the API Response vary depending on the User Account (e.g., the My Tasks list).
  • OAuth communication does not pass the password information to the external application.
  • Basic authentication communication (RFC 2617) passes the password information to the external application.

a. In-house developed Applications
Developing in-house applications using the API documentation
b. Get Third-party Applications
Download the apps from trusted developers

R3172 Workflow APIs

R3173 System Settings APIs

  • You can develop a variety of applications, for example, Android apps, iOS apps, browser extensions, and system batches.
  • You can develop a variety of applications, for example, applications that detect the occurrence of specific business processes, or management applications that change a User’s affiliation.
  • Questetra does not respond with an error code (401) requesting Basic Authentication (WWW-Authenticate header).
  • The API Password, which is found in each User’s Account Setting, is used for Basic Authentication communication.
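
Added example (not from the Questetra documentation): because no 401 challenge is sent, a client has to attach the Authorization header to its first request, and that header is only base64-encoded, so any party handling it can read back the API Password. The URL, user ID and password below are constructed placeholders, and the function names are hypothetical.

```python
import base64

def basic_auth_header(user_id: str, api_password: str) -> str:
    """Authorization value to send up front (no 401 challenge will prompt for it)."""
    if ":" in user_id:
        # RFC 2617: a colon in the user-id would make the split ambiguous.
        raise ValueError("user id must not contain ':'")
    raw = f"{user_id}:{api_password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def recover_credentials(header_value: str) -> tuple[str, str]:
    """What any holder of the header can do: read back the ID and the password."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    user_id, sep, password = decoded.partition(":")  # password may itself contain ':'
    if not sep:
        raise ValueError("malformed Basic credentials")
    return user_id, password

def request_headers(url: str, user_id: str, api_password: str) -> dict[str, str]:
    """Refuse to attach the password-bearing header to a non-TLS URL."""
    if not url.lower().startswith("https://"):
        raise ValueError("Basic authentication over plain HTTP exposes the API Password")
    return {"Authorization": basic_auth_header(user_id, api_password)}

# Constructed sample values (assumptions, not real accounts or endpoints).
SAMPLE_URL = "https://workflow.example.com/api/placeholder"
SAMPLE_ID = "user@example.com"
SAMPLE_API_PASSWORD = "constructed-api-password"

if __name__ == "__main__":
    headers = request_headers(SAMPLE_URL, SAMPLE_ID, SAMPLE_API_PASSWORD)
    print(headers["Authorization"])
    print(recover_credentials(headers["Authorization"]))
```
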
a. Register OAuth Apps
Enable response to API requests from registered applications
b. Enable Basic Authentication Communication
Enable response to API requests through Basic Authentication
  • Your “Consumer Key” and “Consumer Secret” are required for registering OAuth applications.

a. Revoke the Authorization of an OAuth App
Individually revoke communication by deleting the OAuth Tokens approved by each user
b. Delete OAuth Apps
Delete the registration of OAuth applications to disable communication with Questetra
c. Forbid Basic Authentication Communication
Disable all Basic Authentication Communication

  • You can check the usage of OAuth communication at both the user level and the application level (token expiration, etc.).
  • You cannot monitor or limit Basic Authentication communication at the application level (periodic password changes, etc. will be needed).
  • Usage of ID information for Basic Authentication communication is recorded in the System Log (M313).