2

We wish to post updates from some of our external systems to an attask project or task as if they were from the user who initiated the action in the external system.

Can this be done from a single account? ie not having to provide everyones account details to the script posting the update?

Thanks,

Joe

user3689503
  • 43
  • 2

2 Answers2

2

You can do this by doing a second login from an Admin to the user you would like to sudo as. You do NOT pass the password parameter, but just the username. The sessionID that is returned from this call with belong to the target user. You can then switch back to the Admin sessionID to do the next switch.

jclawton
  • 241
  • 1
  • 2
  • Can verify that this works perfectly. I've got an apikey for my service user. I pass it as a header to `/attask/api/login?username=...` and get back a sessionID. I use that in a subsequent call like `POST /attask/api/v4.0/note?sessionID=...`. The result, I can create updates on behalf of specific users. – twamley Sep 13 '16 at 17:11
0

It does not appear that this is possible. I tested passing in a value to both userID and ownerID. It just ignores the value and puts the user ID of either the person who authenticated or the owner of the API key in use.

This might be something to put in a feature request about. It would be handy to be able to write updates automatically from other users. There is a chance for abuse of course, but if you are trusting someone with access to the API and they are a system admin I think it is an unnecessary restriction.

Craig
  • 326
  • 2
  • 12
  • This is possible, we are currently using this type of an update process. I am trying to find out how exactly it is being done. I hope to get back with you in the next day or two. – Jim Young Jun 06 '14 at 18:16
  • Thank you, I would be very interested to see how you are making this work. – Craig Jun 06 '14 at 18:27