Skip to main content
Mitratech Success Center
Client Support Center

Need help? Click a product group below to select your application and get access to knowledge articles, webinars, training content, and release notes or to contact our support team.

Authorized users - log in to create a ticket, view tickets status and check your success plan details.

 

Setting Up TAP External API with OAuth support

  1. Last updated
  2. Save as PDF

Instructions for Setting Up TAP External API with OAuth support

The External API feature in TAP enables interaction with third-party REST API endpoints. Most modern APIs use authorization flows such as OIDC or OAuth2 for secure access.

This guide provides step-by-step instructions to configure an External API in TAP using the OAuth 2.0 Authorization Code Grant flow to access a protected resource.

Prerequisites

Before configuring TAP, ensure the following components are available:

  • Resource Server Endpoint URL
  • Authorization Server "authorize" endpoint
  • Authorization Server "token" endpoint
  • Required scopes from the resource server
  • Client ID (from the external API provider)
  • Client Secret (from the external API provider)

Additionally, confirm that TAP has been properly registered as an OAuth client with the API provider and that the redirect URL is correctly configured.

⚠️ Note: Ensure the tenant URL used is accurate. Example redirect URL:

https://default.tap.thinksmart.com/prod/Portal/authentication/tokencallback

Configuring TAP

External APIs can be configured in TAP at either the "Stage" or "Relationship" level. The only difference lies in how the API call is triggered (e.g., by clicking a button or on form submission). This guide demonstrates configuration at the Stage level.

Step-by-Step Configuration

1. Add Form Elements

Start by building a simple form with the following components:

  • A text field (to display a value from the API)
  • A button (to trigger the API call)

Set up a basic workflow with two stages to enable testing and demonstration.

2. Configure the External API

  • Select the first stage in the workflow.
  • Navigate to the External API configuration section.

Main Info Tab

  • Provide a unique name for the API configuration.
  • Select the triggering button (the one added to the form).
  • Input the API URL
  • Select the HTTP method (e.g., GET)
  • Add any required headers (e.g., for authorization)

3. Configure OAuth Authorization

Switch to the Authorization tab.

  • Set the Response Type to code
  • Enter the following values:
    • Client ID
    • Client Secret
    • Scopes (as required by the API)
    • Authorize URL
    • Token URL

Click “Generate OAuth URL” to register the correct redirect URL.

Define Aliases

  • Navigate to the Aliases tab.
  • Create an alias for the field you want to extract from the API response.

5. Configure the Response Mapping

  • Open the Response tab.
  • Map the appropriate value returned from the API to the form field where it should be displayed.

Testing the Workflow

Once the configuration is complete:

  1. Launch the workflow
  2. Click the button configured to trigger the API call
  3. This will initiate the OAuth authentication flow.

Authentication Workflow

  • The user will be redirected to the external provider's login interface.
  • Select an authentication method (e.g., log in with email, SSO, etc.
  • Enter valid credentials and grant permission to the TAP application.

Display the Results

After successful authentication and authorization:

  • The form field will display the value retrieved from the external API.

The TAP External API feature, combined with OAuth 2.0 support, enables integration with modern third-party services. Proper configuration ensures secure communication, dynamic data retrieval, and enhanced user interactions within TAP workflows.

This guide demonstrates a basic example. The same steps can be applied to any OAuth 2.0-compliant service.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    1. OAuth
    2. OAuth2
    3. TAP External API