Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.
SOLVED

Restrictions to API

arunkumark_21
7 - Meteor

Hi Team,

 

We were using Alteryx as a backend technology. We created 1 user per application and we were using subscription API to call the workflow.

 

The capabilities of gallery APIs are huge! but unfortunately we will not be able to use it as we tested and found that only curator can access Gallery API which will eliminate restrictions(as one application user can see other application's workflow also).

 

My question is:

1. Will the subscription API be decommissioned along with v1 APIs? 

2. How to set restrictions on API calls.

 

I was expecting APIs to work the same way how the restricts are seen on front end, but looks like that is not the case.

4 REPLIES 4
TheOC
15 - Aurora
15 - Aurora

hey @arunkumark_21 
It's incredible to hear that you're making progress with the API - it's fantastic when used correctly!

I'd recommend having a look through this document:
https://help.alteryx.com/developer-help/server-api-overview



There are 3 'types' of API on the Alteryx server:

  • Subscription
    • This allows for interaction with subscriptions and workflows that the user has access to
  • User 
    • This allows for interaction with credentials, input files, and schedules
  • Admin
    • This allows the admin of the server (Curator) to access as you mentioned, in an unrestricted way.

I believe you need to set an Artisan user to have 'API access' in the user tab of the Admin Panel. This will allow users to access the Subscription & User API (which, my understanding has the restrictions you are looking for).
This is taken from the URL provided above:

 

Users with the Curator role can use the API Access keys to access all APIs.

All non-Curator users can use the API Access keys to access the Subscription API, User V2 API, and User V3 API.


Please let me know if this doesn't help answer your question, or if i can provide any additional help.

 

Kind Regards,

Owen


Bulien
arunkumark_21
7 - Meteor

Hi Aurora,

 

Thank you so much for your response.

I already experimented with the Subscription API, User V2 API. I can't see User V3 API in my machine.

 

 

The use case is as follows:

- Our team is responsible for building and deploying Alteryx Workflows. 

- Few of the other front end teams are planning to use Alteryx as backend technology(access only through API), these team will have 1 user(subscription) which will not publish but just runs the workflow.

- API is working great! But unfortunately it has been configured by alteryx only to work for curators. These Front end app team should not get curator role (restrictions). We give them access only to the workflows(using collection) which they are meant to see and run.

 

In this case, 

Server API cant be used - because it can be used only by Curator.

Subscription API cant be used - because there will not be any workflow under their subscription. But only shared to their subscription.

 

If only they have not restrict server APIs only for curators but work exactly like what operation the role/use able to do in front end, my problem would have got fixed.

 

Kindly help if you have faced such scenario.

 

Thanks,

Arun Kumar 

arunkumark_21
7 - Meteor

Hi Owen,

 

Writing this so that it will be useful for someone who is working on the same lines.

 

I manage to find a way to establish a segregation. But it is not too neat, but works!

 

Luckily with Subscription API we can

1. Fetch inputs in a workflow

2. Run workflow

3. get job id and status

4. get workflow results

this is all the other teams needed to do in Alteryx server.

 

To achieve this:

- Create a project specific subscription(only for API usage).

- Enable Subscription API(also called Private API) not ADMIN -> USER -> Enable API but ADMIN -> SUBSCRIPTION -> Enable API to the newly created subscription.

- Add all the users in the project who need to run API to the new subscription.

(note to access Subscription API the user need to have artisan access)

 

- After development and testing the Alteryx developer user can be added to the new subscription. 

- Reopen the Alteryx workflow in the designer(refresh only happens when you close and reopen Alteryx Designer)

- Publish the workflow to new subscription.

- Switch back the Alteryx developer user to his/her own subscription. 

 

Hope Alteryx provide role base access to server API as well as it will be more cleaner to access and to test using swagger.

But for now, life is going fine!!

 

Thanks,

Arun Kumar

AudreyMcPfe
7 - Meteor

@jfkressler, stumbled on another thread looking for more API control by those in an oversight but not platform role.  for those who have separate platform vs business governance, the power of the APIs are greatly diminished  :(