I have a requirement to download attachments from Jira during event triggers and upload back to other supporting tool. For this purpose, started using WebHooks, during event trigger, json values will get passed thru post call. I have found Jira rest api also to get attachment download link to use it in webhooks. But this rest api requires valid authentication. I can't use basic login details to hard code in the script for downloading through URL.
How can I authorize this URL for getting the attachment. I heard that, we can establish OAuth and for this I need to enable application linking. At this stage, I am not sure how can I link the WebHook URL as an application. Current Hook is not a complete application it just accepts json as post and parses through it.
Need your support how to enable this OAuth and how to create that app. I am newbie to this WebHooks and OAuth concepts. so bare me for the generic queries .. :)
If there are any other possible solutions for my requirement are also welcomed.
Thank you..
Related
I need to publish messages to GCP Pub/Sub with a POST request as the platform I'm using (Zoho) does not allow for any of the GCP libraries. I'm not sure how to make the request in a simple way, as the normal authentication system seems complex.
Is there an easy way to publish a message using, e.g., an API key?
Alternatively is there a simple way to create an API endpoint within GCP that I can then forward data on to the messaging system?
I have used the python client to publish to Pub/Sub, but cannot make POST requests because of the authentication issues.
Both of your questions will have the same answer, yes, and Google Cloud Endpoints is your way to go here.
With Google Cloud Endpoints you can create a custom endpoint and use API keys to authenticate the requests that are being done. There's a really good how-to guide from medium you can follow in order to set up your endpoint and your Pub/Sub push subscription.
More information about creating push subscriptions can be found in the public documentation.
I am building a Jira add-on that gives provides the user with the status of an object within my own API (not within Jira). My API is protected using OAuth 2.0. What is the best way to authenticate to my API from my Jira add-on?
I like how the Jira + GitHub/Bitbucket integration works. Specifically, the user retrieves API keys from GitHub and puts them in Jira. Jira then uses these keys to authenticate with and then retrieve data from GitHub. At least, this is how I think it works.
How can I achieve this same effect for my Jira add-on?
When you are building a cloud add-on then you can handle authentication without bothering admins (they don't need to copy anything).
To integrate yourself with Jira UI you need to create a webpanel or page, in both cases, Jira will ask your site to render the HTML code and the request will include JWT token. Inside you will have information about which user did the request.
Now, you can authenticate Jira users to your API in several ways:
render a time-limited token to the HTML and use it to authenticate calls to your API. As a downside of this solution, if someone will keep the page open without reloading for long enough (longer than your time limit) the token will become invalid.
provide a resource to retrieve time-limited token (validate JWT signature provided by Jira to be sure request really comes from particular Jira instance) and retrieve the token every time before doing the request (or every N minutes depending on your time limit).
or if you really want to bother admins then create a configuration page and let them save API keys by hand (I assume they will have to retrieve those keys from you somehow, this additional step may discourage many admins), in this configuration page you will include JS code that on submit will save API keys as Application property and later you will have to retrieve this before making requests to your API. With this approach however, admins will not be able to restrict access to your API to a subset of users with Jira permissions (every logged in user can access application properties, in open instances even anonymous users).
If you are unsure how to validate JWT Token you can read this developer guide. Also, you can make your life easier by using one of the provided framework and tools, for example, atlassian-connect-spring-boot will take care of installation handshake, JWT authentication and authentication to Jira REST API from your server.
I am trying out AWS API Gateway, and it's very easy to import/export API definition from Swagger.
However, I've set my API to require AWS_IAM authorization so it's not public. But I cannot find how to make it work with Swagger UI. It seems Swagger UI only takes API Key, instead of IAM user's Access Key and Secret for Sigv4 signing.
Does anyone know is there a way to configure Swagger UI to take in Access Key/Secret, and sign the request for AWS_IAM auth?
Any direction would be appreciated.
Thanks,
Swagger UI OOTB does not support AWS_IAM auth, however, there you can still accomplish Sigv4 Signing. How to calculate AWS signature V4 in Swagger before request gives two good examples on how to accomplish this.
I used the second example, in conjunction with the author's blog post to test with multiple user Access Key/Secrets. The blog post also goes into more detail on using the AWS JS SDK for this purpose.
I have just completed Hartl's book on rails. Following the examples have been helpful and I have been able to build some very basic functionality for my app. However, there is this API I would like to use, and have been granted a key for the API. I have absolutely no idea how to start implementing the API. The other stuff surrounding API's have been helpful, but I literally am stuck on what the very first step should be to begin implementing the API.
I need for a user to be able to sign up and authenticate, then supply data that will be tracked through the external API. I've got the user sign up and authenticate stuff down pat, just need to know what the very first baby step to using this API should be.
The logic behind the answer would be equally helpful.
You can use ActiveResource for your model and point it to the external API. This is useful if your model uses an external data source.
http://api.rubyonrails.org/classes/ActiveResource/Base.html
If the external API you want to use is a well known, there is a good chance that there is already a gem for interaction with that API.
If you only need to send some data to the external API but your model does not use it as its source, you can use an HTTP client like Faraday https://github.com/technoweenie/faraday
I'm trying to create a redistributable web application that will integrate with Google Analytics through the Google Reporting API. Customer will install the application on their server.
I'm following this tutorial (I'm using PHP, but I believe this is not of importance for my question)
https://developers.google.com/analytics/resources/tutorials/hello-analytics-api
This works fine. No issues there.
However I can't figure out one missing element:
The tutorial starts with sending me to the Google APIs console where I have to create and configure a new API project and create and configure a client ID.
That's a lot of work that requires fairly technical knowledge (redirect url, selecting correct API, error-prone copy-and-pasting, etc.)
So my questions:
Is there an API so I can programmatically set this up for my user?
If that's not possible, is there a more user-friendly way to obtain Analytics reporting that is future-proof? (I noticed they are currently deprecating a few older APIs)
Unfortunately that's AFAIK not possible.
You could go one of the following ways:
Move client_id and client_secret to some configuration file and help your customer with deployment.
Show a one-time setup wizard for your app and guide your customer step-by-step. There you can at least provide him with the right callback URLs.
Regard your application as "installed application" and instrument curl or something similar for sending the requests.