RELATED IDEAS
Allow for integration via OAuth 2.0 Service Accounts
Ask: Support OAuth 2.0 Service Accounts for auth on the Aha! API
Background: We use SSO (Okta) for user authentication (Aha! doesn't know about passwords by design). We also have a set of scheduled tasks (scripts) that query the Aha! API, summarize data, and build dashboards. It would be very handy if these scripts could integrate with the Aha! API using Service Accounts (cryptographic signing) instead of a username and password (BASIC). This would allow for a more secure implementation and would allow for service integration without a license allocated to a "bot" user.
-
ADMIN RESPONSEMay 27, 2016
Thank you for the request. We do currently support Oauth for API access. Please see detailed documentation here: http://www.aha.io/api/oauth2
The current oauth flows (authorization code and implicit grant) do not work for server-to-server authentication in which there is no user interaction with a browser (i.e., the situation where the user is an API or a "bot" as Alan said).