OAuth for access to integration user data

Forum for users and developers of Bullhorn's API service.

Moderators: StaffingSupport, s.emmons, BullhornSupport

Post Reply
joehcr
User
Posts: 10
Joined: Tue Apr 23, 2019 10:28 am

OAuth for access to integration user data

Post by joehcr » Tue Apr 23, 2019 11:52 am

Hi,

I was hoping someone could confirm that OAuth can, in fact, be used to allow a Marketplace Partner to access another BH client's data, assuming they have authorized the partner's integration. (Just like how OAuth works for GSuite, Slack, etc.) I ask for confirmation since I don't remember the documentation explicitly saying this was possible.

Assuming it is, how does the client actually authorize the integration? Is it a part of the in-browser OAuth flow? Does the client BH user need to have a specific level of permissions?

Does this have anything to do with the 'Authorize Partner App' UI in Bullhorn? (found under 'Admin' -> 'BH Connect' -> 'Web Services API')

Thanks

-Joe H
Last edited by joehcr on Tue Apr 23, 2019 1:20 pm, edited 1 time in total.

mfinleybh
User
Posts: 41
Joined: Thu Feb 21, 2019 9:48 am

Re: OAuth for access

Post by mfinleybh » Tue Apr 23, 2019 12:23 pm

Greetings Joe,

In order to get you started with OAuth to integrate with BH; we need to have a Account/Support from the company to request API creds, either SOAP or REST.

With this we can provide you the steps to authenticate.

Thanks!

Mathew Finley | Analyst, Enterprise Support | Boston

joehcr
User
Posts: 10
Joined: Tue Apr 23, 2019 10:28 am

Re: OAuth for access to integration user data

Post by joehcr » Tue Apr 23, 2019 2:42 pm

Mathew,

I'm sorry, but I don't believe you have understood any of my questions here. I am aware that I need API credentials - I have those and have been testing various interactions with the API against our own sandbox account.

Let me put it another way...

I want to know each and every step in the process (whether automated, with UI's, support tickets, etc) by which:
  1. Any hypothetical Bullhorn client can enable and authorize a 3rd-party integration (whether in the Bullhorn Marketplace or not)
  2. The integration is made aware of such authorization
  3. The integration can setup any custom tabs, actions, or custom objects
  4. The integration can then gain authorized API access to Bullhorn data for said client
So far the only documentation I have found (or been given access to) really only covers #4 (the ubiquitous 'OAuth flow') and even then doesn't mention the specific context of accessing a different client's data (this is what my first question was getting at).

For clarification, my goal is NOT to build an API integration for accessing the data in our own account or for some individual other client. I am building an integration for any mutual client to be able to hypothetically use.

mfinleybh
User
Posts: 41
Joined: Thu Feb 21, 2019 9:48 am

Re: OAuth for access to integration user data

Post by mfinleybh » Mon Apr 29, 2019 2:00 pm

Hi joehcr,

Please see the answers to your questions below;

1. Any hypothetical Bullhorn client can enable and authorize a 3rd-party integration (whether in the Bullhorn Marketplace or not)

- There is no specific 'authorization' for a client to utilize an integration. Once they request a key and API user account they are free to do what they wish with it under the specifications/limitations of the API documentation.

2. The integration is made aware of such authorization

- There is no automation to provide awareness of new integrations. For example with our Marketplace partners we send them a short email at the end of the setup with the specific client's API information (Client ID, Client Secret, api user account name & password) for them to connect/start the integration.

3. The integration can setup any custom tabs, actions, or custom objects

- Integrations cannot create any of these custom facets. These will need to be constructed by Bullhorn Support, afterwords they may be written to via API after our initial creation.

4. The integration can then gain authorized API access to Bullhorn data for said client

- Integrations can be built to create access tokens/refresh tokens for Client specific databases. Our API integration does not connect directly to all Bullhorn instances. Each client will have their own unique API access information to connect to their databases.

Please let me know if you have any further questions or concerns.

Best,

Mathew Finley | Analyst, Enterprise Support | Boston

joehcr
User
Posts: 10
Joined: Tue Apr 23, 2019 10:28 am

Re: OAuth for access to integration user data

Post by joehcr » Tue Apr 30, 2019 12:14 pm

Mathew,

Thank you for the clarification.

This does leave one large point of confusion for me, however, regarding your answer to question 1:
One of the main purposes of OAuth is to allow users to authorize 3rd-party integration's/app's access to their accounts (as is used for Slack apps, Google integrations, Github integrations, etc) without having to make requests by email or support ticket for special credentials, as you have described. Further, virtually all of the Bullhorn documentation provided publicly describes something that sounds more like this typical OAuth flow (involving 'redirect URI's', user login through a browser, etc). See http://bullhorn.github.io/docs/oauth/, http://bullhorn.github.io/Getting-Started-with-REST/, https://github.com/bullhorn/rest-api-example-python.

But from what I gather from your advice, you're suggesting to not use those methods and instead perform an authorization that bypasses user interaction in a browser and gain authorization using a dedicated set of credentials (e.g. an 'API' user) that is manually setup in each Bullhorn client's account. Examples of this authorization are found at https://github.com/bullhorn/oauth-example-python and viewtopic.php?f=104&t=14542 (and possibly alluded to in http://bullhorn.github.io/docs/oauth/) but not explicitly documented anywhere I've found so far.

If I'm understanding all of this correctly, why is the latter the recommended route?

Thanks

-Joe

mfinleybh
User
Posts: 41
Joined: Thu Feb 21, 2019 9:48 am

Re: OAuth for access to integration user data

Post by mfinleybh » Tue Apr 30, 2019 1:18 pm

Hi Joe,

What you've mentioned towards the bottom of the post is correct. All of our Marketplace partners and external integrators do not sign into Bullhorn through a browser using the API Credentials.

Although you physically can, this is not recommended per our best practices. The latter route is how the Bullhorn API was designed to be utilized, being able to write/read to the database without signing in/using manual inputs.

As long as you have an access token, this will allow you to generate your restURl & BhRestToken needed to send calls and commands. (Using OAuth and not signing into the app manually)

Please let me know if you have any further questions or concerns.

Best,

Mathew Finley | Analyst, Enterprise Support | Boston

Post Reply