Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik GA: Multivariate Time Series in Qlik Predict: Get Details
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
hwinkels
New Member
New Member
11 hours ago

REST Api: Questions about getting automation details + "fields" parameter in general

Hi there,

 

we are developing a service to trigger automations via the Qlik REST Api.

For this we are using OAuth allowing for impersonation.

 

While working with the API, I stumbled upon some issues with the API:

 

"fields" paramerter in endpoints:

The documentation e.g. for getting a list of all automations get-api-v1-automations states that there is a "fields" parameter.

However, the parameter is completely ignored.

The only endpoint where it seems to be working is the /api/v1/users endpoint - is this simply not implemented yet for automations (although the docs say differently) or am I missing something when e.g. querying /api/v1/automations?fields=name ?

Getting automation details (executionToken for triggered automations):

As stated above, we are using OAuth and impersonation to allow the service to run all existing automations.

When not impersonating, the client is acting as a Tenant Admin, which allows us to get a list of all automations.

However, the list of all automations does not include the executionToken for triggered automations unless you are explicitly the owner of that automation.

So to get the executionToken, we have to impersonate the owner, which means we have to find out who the owner is first.

This leads to the following scenario:

Our service is supposed to trigger automation "XYZ12345" (identified only by it's ID).

At this point, the owner is unknown - the endpoint to get information on the automation (GET /api/v1/automations/XYZ12345) is forbidden to the OAuth client, since it's not the owner.

The list of all automations strangely does not allow for an ID-filter. 

This then means we have to query all automations every time, filter for the ID in question client-side to get its ownerId, and then impersonate the owner to get the automation details including the executionToken.

This seems like a very convoluted way to go about things, so again I am wondering if I am missing something here?

We tried giving all available roles to the OAuth client in the UI and tried the appropriate scopes ("admin_classic" / "admin.automations") for the access token, but that didn't help.

I saw that you can actually provide a filter for other fields like "name" for the automations endpoint, but since that property is potentially subject to change and the information on which automation to run in which case is stored outside of Qlik, it wouldn't be safe to use.

 

Thanks alot!

 

Labels (3)
Labels
29 Views
0 Replies