2

I can successfully create an update on projects but it seems that I cannot overwrite the thread creator by ownerID.

URL sample:

https://workfronturl/attask/api/note?updates={"noteText":"test","noteObjCode":"PROJ","objID"="projectid", "ownerID":"ownerIDxxxxafda"}&method=POST

Can the ownerID be forced to another user?

Styx
  • 9,863
  • 8
  • 43
  • 53
PCO
  • 21
  • 2

1 Answers1

0

If I understand correctly, you want to make an update on behalf of a user. We do this all the time as we have a system that translates updates from another system to Workfront. If this does solve your problem, please be sure to write to Workfront and tell them that they need to leave this functionality in the API in the future. I have confirmed with them that this wasn't supposed to work this way.

So, with regards to solving the problem, you need to do the following:

  1. Login as the user who you want to make an update on behalf of. You can do this without having the users password if you have an API key. Just run the login command as you normally would, but instead of passing in a password, send the username and apiKey.
  2. This will return a sessionID. Use the session ID to authenticate when making your update.
  3. If your system is caching credentials, don't forget to log out or all future updates, changes, whatever, will try to use that session ID.

If you are using Python, we built a function into the workfrontapi_plus (only Python3.x) python library to support exactly this called make_update_as_user. As a note, I haven't managed to publish the documentation for this yet, but the doc strings are there and fully filled out with instructions.

Craig
  • 326
  • 2
  • 12
  • I was about to post that the request isn't possible via the API, but I'm interested to see that you have a workaround. When logging in as the 'target' user, are you passing their API key or an admin level key? If it's the former, is there a way to request a user's API key in an automated manner? – Brian R Oct 02 '17 at 14:54
  • Craig, you are right. That's what I was attempting to do. I'm assuming that we're talking about the admin api key as the user I'm making an update as is not an admin nor can create their own api keys. I'll try your workaround. – PCO Oct 02 '17 at 19:02
  • PCO - I am talking about an admin API key. – Craig Oct 03 '17 at 14:14
  • Brian, there is no way to request an API key for a non-admin user. This method works only if you have an admin API key set aside for this specific use. I will briefly explain one of the ways that we use this to further illustrate. We have replaced the default Workfront email notification system with our own. When someone replies to an email notification (task assignment, comment, thread) our system needs to put an update into Workfront on behalf of that user. It would be very bad if it showed as coming from Admin. We pass in the users email and an API key. Then use sessionID to auth. – Craig Oct 03 '17 at 14:16
  • This seems to be the most relevant question on stackoverflow to the same issue I'm facing. @Craig can you please provide any documentation or example calls to illustrate this working? – Lee Daniels May 09 '23 at 15:59