This is box title
I made a trial to call APIs of “Mastodon” from Questetra, a Cloud-based BPM Workflow. Also, tried the same to Twitter’s APIs.

 

Hi, there!

 

TOC
1: What is “Mastodon”?
2: Collaboration between Questetra and Mastodon
 2.1: Grant_type available in Mastodon
 2.2: How to connect with Grant_type: authorization_code
 2.3: How to connect with grant_typepassword
3: Collaboration between Questetra and Twitter
 3.1: How to connect with Grant_type: client_credentials
4: Closing

 

1: What is “Mastodon”?

Mastodon is a short messaging SNS service/free software of “decentralized type” with which anyone can operate SNS freely -much like Twitter.

Mastodon“, often heard recently.

I have not used it so much yet, but they say it is something like a Twitter server that can be built on your own.

Since Mastodon has APIs, I checked whether or not it is possible to call it from Questetra.

* Even though there might not be a demand for its use for now, it could be used as a marketing tool when Mastodon is more widely spread.

Also, I made a comparison with the APIs of Twitter, which can be said is the origin of Mastodon, since it has been famous for a long time. (I suppose there are a lot of people who tried out calling Twitter APIs when testing a web API).

 

2: Collaboration between Questetra and Mastodon

 

2.1: Grant_type available in Mastodon

There are four types of OAuth 2 grant_type (method to get tokens), and Mastodon seems to work with authorization_code and password out of those four. (Whereas, only client_credentials is available in Twitter.)
* It is unconfirmed whether or not it corresponds to other grant_types. Also, note that the grant_type of password is generally not recommended, so please be aware of that as well.

Reference: 4 types of the grant_type specified in OAuth 2
・Authorizaton Code Grant (authorization_code)
・Implicit Grant (implicit)
・Resource Owner Password Credentials Grant (password)
・Client Credentials Grant (client_credentials)

Let’s try connecting Questetra and Mastodon for each of these two grant_types.

 

2.2: How to connect with Grant_type: authorization_code

We are going to use “Throwing Message Intermediate Event (HTTP)” of Questetra.
We are going to use “Throwing Message Intermediate Event (HTTP)” of Questetra.
This is a function that allows you to send an HTTP request in the middle of a flow, and it is possible to set a connection by OAuth 2 (grant_type is authorization_code). If this is available to call the APIs, you don’t need programming.
Details on how to do the setting will be described later.

* Document for “Throwing Message Intermediate Event (HTTP)”
 M225: Auto Sending of HTTP Request with Business data Inserted

 

Client registration to Mastodon

First of all, we will make client registration to Mastodon as follows

curl -X POST -sS https://{HOST NAME}/api/v1/apps -F “client_name={CLIENT NAME}” -F “redirect_uris=https://fs.questetra.net/oauth2callback” -F “scopes=read write follow”
* Enter the host name of the targeted Mastodon in “{HOST NAME}”
* Enter the name you like in “{CLIENT NAME}”
* You can change “Scope” according to what you want to do, but it must match with the setting to be done later on Questetra side.
* Since client_id and client_secret which can be obtained from processing results are used later, please note them down.

 

OAuth setting in “Throwing Message Intermediate Event (HTTP)” of Questetra

You can go to OAuth setting screen through either of [Set up OAuth 2.0 from here] button of [Connect with the OAuth 2.0] in the [Security / Custom Header] tab on the property screen of “Throwing Message Intermediate Event (HTTP)”, or [OAuth 2.0 Setting] in [▼App] menu.

Name Value
Name (set a name of your choice , it will be used later)
Authorization Endpoint URL https://{HOST NAME}/oauth/authorize
Token Endpoint URL https://{HOST NAME}/oauth/token
Scope read write follow (choose it according to what you want to do)
Client ID (Acquired at the time of client registration)
Client Secret (Acquired at the time of client registration)

* Enter the host name of the target Mastodon in “{HOST NAME}”

The setting value of OAuth is as follows. Click on [Get Token] button.

 

Settings in property of “Throwing Message Intermediate Event (HTTP)” of Questetra

The setting for “Throwing Message Intermediate Event (HTTP)” to call the API to post a message is as follows.

Name Value
Network Settings: URL https://{HOST NAME}/api/v1/statuses
Security / Custom Header: Connect with the OAuth 2.0 (OAuth setting name as before)
Send Parameter Settings status: (Words you want to post)
When calling the APIs with “Throwing Message Intermediate Event (HTTP)”, we recommend that you prepare two String type Data Items and set them as shown below in order to get detailed information when something goes wrong.

  • Network Settings: String type data item that will contain error details when an error occurred
  • Response Settings: check on [Save the Response] and specify [Data item to save the response]

 

2.3: How to connect with grant_typepassword

For grant_type password, use “Script Task” of Questetra. Details of setting will be described later.

* Document for “Script Task”
M230: Auto Executing Complicated Data Processing (ECMAScript)

 

Client registration to Mastodon

First of all, we will do the client registration to Mastodon as follows

curl -X POST -sS https://{HOST NAME}/api/v1/apps -F “client_name={CLIENT NAME}” -F “redirect_uris=urn:ietf:wg:oauth:2.0:oob” -F “scopes=read write follow”
* Enter the host name of the targeted Mastodon in “{HOST NAME}”
* Enter the name you like in “{CLIENT NAME}”
* You can change “Scope” according to what you want to do, but it must match with the settings to be done later on Questetra’s side.
* Since client_id and client_secret which can be obtained from processing results are used later, please note them down.

 

Setting in “Script Task” of Questetra

In the “Script Task”, it retrieves an access token, and calls the URL for posting. A sample code is shown below. Enter the appropriate values in between the braces ({}).

var message = data.get("3");
var clientId = "{CIENT ID}";
var secret = "{CLIENT SECRET}";
var accessLog = "";

var uriToken = "https://{HOST NAME}/oauth/token";
var response = httpClient.begin()
.formParam( "grant_type", "password" )
.formParam( "client_id", clientId )
.formParam( "client_secret", secret )
.formParam( "scope", "write read follow" )
.formParam( "username", "{LOGIN USER NAME}" )
.formParam( "password", "{LOGIN PASSWORD}" )
.post( uriToken );
accessLog += "---POST request--- " + response.getStatusCode() + "\n";
accessLog += response.getResponseAsString() + "\n";
var oauthTokenObj = JSON.parse( response.getResponseAsString() );
var oauthToken = oauthTokenObj.access_token;
accessLog += "oauthToken: " + oauthToken + "\n";

var uriExecute = "https://{HOST NAME}/api/v1/statuses";
var responseCreate = httpClient.begin()
.bearer( oauthToken )
.formParam( "status", message )
.post( uriExecute );
accessLog += "---POST request--- " + responseCreate.getStatusCode() + "\n";
accessLog += responseCreate.getResponseAsString() + "\n";

retVal.put( "0", accessLog );


 

3: Collaboration between Questetra and Twitter

For the grant_type of OAuth 2.0 in Twitter, only client_credentials is available.

* Reference material: Twitter Developer Documentation, POST oauth2/token

 

3.1: How to connect with Grant_type: client_credentials

For grant_type client_credentials, also use “Script Task” of Questetra. Details of setting will be described later.

 

Client registration to Twitter

First of all, we will make client registration to Twitter referencing this page. Please note, again, the client_id and client_secret that can be obtained from processing results, since we use them later.

 

Setting in “Script Task” of Questetra

In the “Script Task”, it retrieves an access token, and calls the URL for retrieving list. A sample code is shown below. Enter the appropriate values in between the braces ({}).

var clientId = "{CLIENT ID}";
var secret = "{CLIENT SECRET}";
var accessLog = "";

var uriToken = "https://api.twitter.com/oauth2/token";
var response = httpClient.begin()
.formParam( "grant_type", "client_credentials" )
.formParam( "client_id", clientId )
.formParam( "client_secret", secret )
.post( uriToken );
accessLog += "---POST request--- " + response.getStatusCode() + "\n";
accessLog += response.getResponseAsString() + "\n";
var oauthTokenObj = JSON.parse( response.getResponseAsString() );
var oauthToken = oauthTokenObj.access_token;
accessLog += "oauthToken: " + oauthToken + "\n";

var uriExecute = "https://api.twitter.com/1.1/statuses/user_timeline.json";
var responseExecute = httpClient.begin()
.bearer( oauthToken )
.queryParam( "screen_name", "{SCREEN NAME}" )
.queryParam( "count", 3 )
.get( uriExecute );
accessLog += "---GET request--- " + responseExecute.getStatusCode() + "\n";
accessLog += responseExecute.getResponseAsString() + "\n";

retVal.put( "0", accessLog );

 

However, in the case of the access token obtained this way, since it is not associated with the user context, the usable API is limited… Well, it is natural since it did not pass user authentication as in the case of authorization_code.
Reference material:Twitter Developer Documentation, Application-only authentication

In other words, if you want to call the APIs and post it, it seems that you have to use the previous OAuth 1. But, connection setting in OAuth 1 is not supported in Questetra…
Therefore, if you want to call the APIs and make a post, I think that it is quick to combine it with a cooperation tool such as ifttt. Using ifttt, you can post, etc. To Twitter by sending an email via Questetra, easily.

 

4: Closing

In this way, I examined collaboration between Questetra and Mastodon and Twitter, focusing on connection in OAuth 2.
I suppose that you can understand that it can be set easily, if grant_type is authorization_code. However, even if grant_type is authorization_code, there are cases where it does not connect well depending on the counterpart… I will tell you about it in another article.

 

If you have any questions, please feel free to Contact us.

 

Apply for Starter Plan (Free) Here

By applying for your Free account of your own Questetra, you will be able to use all the Questetra features including what I mentioned above.
Please click HERE to go to the Web form.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.