M317 API CONTROL
Last updated Sep 06, 2016

External connection control though the [Developer API]

[Process Model Connecting API] which allows the connection to Workflows, and [Developer APIs] which allows the development of standard application software, are provided by Questetra. To enable applications using the [Developer API], the application must be registered in the system by Users with [System Administrator authorization].

Control Access to [API for Developer] from External

a. Workflow APIs
APIs for developing applications to register new Issues or to operate undertaken Tasks
b. System Setting APIs
APIs for developing applications to add new User Accounts or to change affiliations

R3170 Basic Authentication

R3174 OAuth 2.0 Configs

R3171 OAuth 1.0 URLs

  • Currently, the API communication that Questetra responds to is “OAuth 2.0”, “OAuth 1.0 (deprecated)”, or “Basic Authentication”.
  • The contents of the API Response will vary depending on the User Account (e.g.: My Tasks list)
  • OAuth communication does not pass the password information to the external application
  • Basic authentication communication (RFC2617) passes the password information to the external application
a. In-house developed Applications
Developing in-house applications using the API documentation
b. Get Third-party Applications
Download the apps from trusted developers

R3172 Workflow APIs

R3173 System Settings APIs

  • You can develop a variety of applications, for example, Android apps, iOS apps, browser extensions, system batches
  • You can develop a variety of applications, for example, applications to detect the occurrence of specific business processes, management applications to change a User’s affiliation
  • Questetra does not respond with an error code (401) requesting Basic Authentication (www-authenticate header)
  • The API Password, which is in Account Setting of each User, is used for Basic Authentication communication
a. Register OAuth Apps
Enable response to API requests from registered applications
b. Enable Basic Authentication Communication
Enable response to API requests through Basic Authentication
  • Your “Consumer Key” and “Consumer Secret” is required for registering OAuth applications
a. Revoke the Authorization of an OAuth App
Individually delete communication between each approved user OAuth Tokens
b. Delete OAuth Apps
Delete the registration of OAuth applications to disable communication with Questetra
c. Forbid Basic Authentication Communication
Disable all Basic Authentication Communication
  • You can check the usage of OAuth communication, both at user level and at application level (token expiration, etc.)
  • You cannot monitor or limit Basic Authentication communication, at an application level (Periodic change of password, etc. will be needed)
  • Usage of ID information for the Basic Authentication communication is recorded in the System Log (M313)