Calling the trendy “Mastodon” API and Twitter API from Cloud BPM

 

Hi, there!

 

 

Mastodon is a short messaging SNS service/free software of “decentralized type” with which anyone can operate SNS freely -much like Twitter.

“Mastodon“, often heard recently.

I have not used it so much yet, but they say it is something like a Twitter server that can be built on your own.

Since Mastodon has APIs, I checked whether or not it is possible to call it from Questetra.

* Even though there might not be a demand for its use for now, it could be used as a marketing tool when Mastodon is more widely spread.

Also, I made a comparison with the APIs of Twitter, which can be said is the origin of Mastodon, since it has been famous for a long time. (I suppose there are a lot of people who tried out calling Twitter APIs when testing a web API).

 

 

There are four types of OAuth 2 grant_type (method to get tokens), and Mastodon seems to work with authorization_code and password out of those four. (Whereas, only client_credentials is available in Twitter.)
* It is unconfirmed whether or not it corresponds to other grant_types. Also, note that the grant_type of password is generally not recommended, so please be aware of that as well.

Let’s try connecting Questetra and Mastodon for each of these two grant_types.

 

We are going to use “Throwing Message Intermediate Event (HTTP)” of Questetra.
We are going to use “Throwing Message Intermediate Event (HTTP)” of Questetra.
This is a function that allows you to send an HTTP request in the middle of a flow, and it is possible to set a connection by OAuth 2 (grant_type is authorization_code). If this is available to call the APIs, you don’t need programming.
Details on how to do the setting will be described later.

* Document for “Throwing Message Intermediate Event (HTTP)”
M225: Auto Sending of HTTP Request with Business data Inserted

 

First of all, we will make client registration to Mastodon as follows

* Enter the host name of the targeted Mastodon in “{HOST NAME}”
* Enter the name you like in “{CLIENT NAME}”
* You can change “Scope” according to what you want to do, but it must match with the setting to be done later on Questetra side.
* Since client_id and client_secret which can be obtained from processing results are used later, please note them down.

 

You can go to OAuth setting screen through either of [Set up OAuth 2.0 from here] button of [Connect with the OAuth 2.0] in the [Security / Custom Header] tab on the property screen of “Throwing Message Intermediate Event (HTTP)”, or [OAuth 2.0 Setting] in [▼App] menu.

Name	Value
Name	(set a name of your choice , it will be used later)
Authorization Endpoint URL	https://{HOST NAME}/oauth/authorize
Token Endpoint URL	https://{HOST NAME}/oauth/token
Scope	read write follow (choose it according to what you want to do)
Client ID	(Acquired at the time of client registration)
Client Secret	(Acquired at the time of client registration)

* Enter the host name of the target Mastodon in “{HOST NAME}”

The setting value of OAuth is as follows. Click on [Get Token] button.

 

The setting for “Throwing Message Intermediate Event (HTTP)” to call the API to post a message is as follows.

Name	Value
Network Settings: URL	https://{HOST NAME}/api/v1/statuses
Security / Custom Header: Connect with the OAuth 2.0	(OAuth setting name as before)
Send Parameter Settings	status: (Words you want to post)

 

For grant_type password, use “Script Task” of Questetra. Details of setting will be described later.

* Document for “Script Task”
M230: Auto Executing Complicated Data Processing (ECMAScript)

 

First of all, we will do the client registration to Mastodon as follows

* Enter the host name of the targeted Mastodon in “{HOST NAME}”
* Enter the name you like in “{CLIENT NAME}”
* You can change “Scope” according to what you want to do, but it must match with the settings to be done later on Questetra’s side.
* Since client_id and client_secret which can be obtained from processing results are used later, please note them down.

 

In the “Script Task”, it retrieves an access token, and calls the URL for posting. A sample code is shown below. Enter the appropriate values in between the braces ({}).

var message = data.get("3");
var clientId = "{CIENT ID}";
var secret = "{CLIENT SECRET}";
var accessLog = "";

var uriToken = "https://{HOST NAME}/oauth/token";
var response = httpClient.begin()
.formParam( "grant_type", "password" )
.formParam( "client_id", clientId )
.formParam( "client_secret", secret )
.formParam( "scope", "write read follow" )
.formParam( "username", "{LOGIN USER NAME}" )
.formParam( "password", "{LOGIN PASSWORD}" )
.post( uriToken );
accessLog += "---POST request--- " + response.getStatusCode() + "\n";
accessLog += response.getResponseAsString() + "\n";
var oauthTokenObj = JSON.parse( response.getResponseAsString() );
var oauthToken = oauthTokenObj.access_token;
accessLog += "oauthToken: " + oauthToken + "\n";

var uriExecute = "https://{HOST NAME}/api/v1/statuses";
var responseCreate = httpClient.begin()
.bearer( oauthToken )
.formParam( "status", message )
.post( uriExecute );
accessLog += "---POST request--- " + responseCreate.getStatusCode() + "\n";
accessLog += responseCreate.getResponseAsString() + "\n";

retVal.put( "0", accessLog );

 

For the grant_type of OAuth 2.0 in Twitter, only client_credentials is available.

* Reference material: Twitter Developer Documentation, POST oauth2/token

 

For grant_type client_credentials, also use “Script Task” of Questetra. Details of setting will be described later.

 

First of all, we will make client registration to Twitter referencing this page. Please note, again, the client_id and client_secret that can be obtained from processing results, since we use them later.

 

In the “Script Task”, it retrieves an access token, and calls the URL for retrieving list. A sample code is shown below. Enter the appropriate values in between the braces ({}).

var clientId = "{CLIENT ID}";
var secret = "{CLIENT SECRET}";
var accessLog = "";

var uriToken = "https://api.twitter.com/oauth2/token";
var response = httpClient.begin()
.formParam( "grant_type", "client_credentials" )
.formParam( "client_id", clientId )
.formParam( "client_secret", secret )
.post( uriToken );
accessLog += "---POST request--- " + response.getStatusCode() + "\n";
accessLog += response.getResponseAsString() + "\n";
var oauthTokenObj = JSON.parse( response.getResponseAsString() );
var oauthToken = oauthTokenObj.access_token;
accessLog += "oauthToken: " + oauthToken + "\n";

var uriExecute = "https://api.twitter.com/1.1/statuses/user_timeline.json";
var responseExecute = httpClient.begin()
.bearer( oauthToken )
.queryParam( "screen_name", "{SCREEN NAME}" )
.queryParam( "count", 3 )
.get( uriExecute );
accessLog += "---GET request--- " + responseExecute.getStatusCode() + "\n";
accessLog += responseExecute.getResponseAsString() + "\n";

retVal.put( "0", accessLog );

 

However, in the case of the access token obtained this way, since it is not associated with the user context, the usable API is limited… Well, it is natural since it did not pass user authentication as in the case of authorization_code.
Reference material：Twitter Developer Documentation, Application-only authentication

In other words, if you want to call the APIs and post it, it seems that you have to use the previous OAuth 1. But, connection setting in OAuth 1 is not supported in Questetra…
Therefore, if you want to call the APIs and make a post, I think that it is quick to combine it with a cooperation tool such as ifttt. Using ifttt, you can post, etc. To Twitter by sending an email via Questetra, easily.

 

In this way, I examined collaboration between Questetra and Mastodon and Twitter, focusing on connection in OAuth 2.
I suppose that you can understand that it can be set easily, if grant_type is authorization_code. However, even if grant_type is authorization_code, there are cases where it does not connect well depending on the counterpart… I will tell you about it in another article.

 

If you have any questions, please feel free to Contact us.

 

By applying for your Free account of your own Questetra, you will be able to use all the Questetra features including what I mentioned above.
Please click HERE to go to the Web form.