Here's my use case. I'm working on an application integration to run workflows/apps in our private gallery from our business application. I have implemented the API calls from our business application to the Gallery APIs and it works great. Now I want to fine-tune security authorization, that is, I do not want to make all API calls using the oAuth key/secret of a service account. Rather, I'd like this service account to retrieve the actual user's key/secret based on the user Id to build the oAuth signature for the API calls. This way we can use Gallery and Collections permissions to manage who can run what apps from the APIs.
I have checked every API under "Admin V1", "Admin V2" and "User V2" on the Swagger screen but didn't find any API for this. Is this possible?
Solved! Go to Solution.
Hi @1737280
I don't think there's an API for that, but you can use the MongoInput tool to query the "subscriptions" table in the AlteryxGallery database. You can find the fields ApiKey and ApiSecret in there.
Cheers,
I'll try what you suggested! thanks a lot!
@Thableaus @1737280 The APISecret appears to be encoded, any ideas how to decode it? I added a question over here, and your answer would work if I could decode the secret: https://community.alteryx.com/t5/Alteryx-Server-Discussions/Admin-access-to-API-secret/m-p/1000248#M...