
Calling Alteryx Gallery API from RStudio

6 - Meteoroid

Hi everyone,


I am working on creating a connection to Alteryx Gallery in R so we can dynamically kick off workflows. I am trying to start with a simple example by just doing a GET request to pull all app ID's in my private studio (using the "/v1/workflows/subscription/" endpoint), but cannot resolve the oauth signature HTTP 401 error. I have read all the API documentation, and have created a request string that is nearly identical to what is produced in the help docs, so I'm not sure where to turn next. Here is my code:



# Package libraries (httr provides oauth_app, oauth_signature and GET;
# url_encode is assumed to come from urltools)
library(httr)
library(urltools)

# Credential values obtained from user Profile on Alteryx Gallery
apikey <- "<apikey>"
secret <- "<secret>"
# Base url used for all api calls to gallery
Baseurl <- "https://<org instance>.com/gallery/api/"

# Endpoint for specific action query
get.subscriptions <- "v1/workflows/subscription/"

# Generate oauth signature
signature <- oauth_signature(url = Baseurl,
                method = "GET",
                oauth_app(appname = "Alteryx",
                          key = apikey,
                          secret = secret))

# Concatenate oauth parameters and append to base url and endpoint
oauth <- paste0(Baseurl, get.subscriptions,
               "?oauth_timestamp=", as.character(signature[5]),
               "&oauth_signature_method=", signature[4],
               "&oauth_consumer_key=", signature[1],
               "&oauth_version=", signature[6],
               "&oauth_nonce=", signature[2],
               "&oauth_signature=", url_encode(unlist((signature[3]))))

# Send request to server and print response
request <- GET(oauth)


This code produces the following request string (which gets the HTTP 401 invalid oauth signature error):

"https://<org instance>.com/gallery/api/v1/workflows/subscription/?oauth_timestamp=1617041856&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=<apikey>&oauth_version=1.0&oauth_nonce=qsAXwrreNa&oauth_signature=FIuHrQMsS%2br74zfV7x9lXCCmjiI%3d"


Here is the string that successfully calls the server API created with the help docs:

https://<org instance>.com/gallery/api/v1/workflows/subscription/?oauth_timestamp=1617041913&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=<apikey>&oauth_version=1.0&oauth_nonce=zay7u&oauth_signature=QgzEtGdTphIm12EVVum5rOiL9LY%3D

As you can see, these are set up identically, besides the custom nonce, timestamp, and signature that my code is creating.


Any assistance or guidance would be greatly appreciated. Have read other community posts on the topic which were helpful, (namely but after incorporating their suggestions something is still missing and I'm out of troubleshooting ideas.




16 - Nebula

@rborger The Alteryx Server (and APIs in general) are extremely picky about that signature. The help docs do a terrible job of explaining how to generate a valid signature. A couple of suggestions:

1) @michael_treadwell has an R package from a couple years ago. At the very least, you may be able to see how he did it.

2) I have a blog post about using Alteryx to hit the Alteryx API that provides a lot of API details. It looks like you're leveraging the httr library for the signature, so I'm not sure what it's doing wrong. You may want to create your own signature so that way you get it right. For the signature, you need to base64 encode a string like this using HMAC-SHA1. I would look at the digest library to do the HMAC-SHA1 part (and then you would just need to base64 encode it). Here is the input for the hashing of the oauth_signature:


There are a lot of pitfalls that I point out in my blog post:

  1. The oauth_signature adds a GET& or POST& at the beginning.
  2. The oauth_signature percent-encodes the URL and oauth_parameters. The Full_Request_URL doesn’t encode these items.
  3. The oauth_signature puts an & after the URL whereas the Full_Request_URL uses an ?.
  4. The Full_Request_URL adds the base64 encoded and HMAC-SHA1 encrypted oauth_signature to the end.
  5. For what it’s worth, the oauth_signature requires the oauth_parameters be in alphabetical order while the Full_Request_URL would not have this same requirement.

Hope that helps!


16 - Nebula

@rborger 2 last quick thoughts/clarifications

1) Your secret will need to have an ampersand at the end (&)

2) In looking at the httr documentation, I think you'll need to add all of the oauth parameters to the oauth_signature function. You'll definitely need to have them in alphabetical order, and the whole URL encoding can be tricky (i.e. sometimes you need & and sometimes you need the URL-encoded &). I still think building your own signature with digest is your best bet as I'm not sure what all httr is doing under the hood.
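
Added example, not part of the thread or of anyone's posted code: a hand-built signature following the pitfalls listed in the replies above, using digest for the HMAC-SHA1 step and assuming standard OAuth 1.0a signing (RFC 5849) with a consumer key and secret and no user token. The function names, host, key and secret are constructed placeholders; the last lines show that signing the base URL instead of the exact endpoint being requested (as the question's code does by passing Baseurl to oauth_signature) produces a different signature for the same nonce and timestamp.

```r
library(digest)     # hmac()
library(base64enc)  # base64encode()

# RFC 3986 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay unescaped.
pct <- function(x) utils::URLencode(as.character(x), reserved = TRUE, repeated = TRUE)

# Sign a request that uses only the consumer key/secret (no user token).
# `url` must be the exact endpoint being requested, without a query string.
sign_request <- function(method, url, key, secret, query = list(),
                         nonce = paste(sample(c(letters, 0:9), 12, TRUE), collapse = ""),
                         timestamp = as.integer(Sys.time())) {
  params <- c(query, list(oauth_consumer_key     = key,
                          oauth_nonce            = nonce,
                          oauth_signature_method = "HMAC-SHA1",
                          oauth_timestamp        = timestamp,
                          oauth_version          = "1.0"))
  # Encode names and values first, then sort in byte order (name, then value).
  keys <- vapply(names(params), pct, "")
  vals <- vapply(params, pct, "")
  ord  <- order(keys, vals, method = "radix")
  param_string <- paste0(keys[ord], "=", vals[ord], collapse = "&")

  # Base string: METHOD & encoded URL & encoded parameter string.
  base_string <- paste(toupper(method), pct(url), pct(param_string), sep = "&")
  # Signing key: encoded secret plus "&"; the token secret after it is empty.
  signing_key <- paste0(pct(secret), "&")
  sig <- base64encode(hmac(signing_key, base_string, algo = "sha1", raw = TRUE))

  list(base_string = base_string,
       signature   = sig,
       # The request URL carries the parameters unencoded as a whole, joined
       # with "?", and only the base64 signature value is percent-encoded.
       url = paste0(url, "?", param_string, "&oauth_signature=", pct(sig)))
}

# Constructed sample values: not a real host and not real credentials.
base_url <- "https://gallery.example.com/gallery/api/"
endpoint <- paste0(base_url, "v1/workflows/subscription/")
good <- sign_request("GET", endpoint, "SAMPLE_KEY", "SAMPLE_SECRET",
                     nonce = "zay7u", timestamp = 1617041913)
bad  <- sign_request("GET", base_url, "SAMPLE_KEY", "SAMPLE_SECRET",
                     nonce = "zay7u", timestamp = 1617041913)

cat(good$base_string, good$url, sep = "\n")
# Same key, nonce and timestamp, different signed URL: the signatures differ,
# so a server that recomputes over the requested endpoint rejects `bad`.
stopifnot(good$signature != bad$signature)
```

Printing `base_string` next to the one a working client signs is the quickest way to find which of the listed pitfalls a failing request hits.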