MOTAR
Search…
ATO
This page details how an authorized studio organization can use the ATO Helper Plugin
Before you can use this API, you must:
  1. 1.
    Register your organization in MOTAR Studio.
  2. 2.
    Obtain ATO plugin developer permissions from a MOTAR administrator.
  3. 3.
    Create and configure your ATO plugin in MOTAR Studio.
  4. 4.
    Activate your plugin in MOTAR Studio.

Starting an ATO Request

When an app owner starts an ATO request for their app, the MOTAR API will send the following data to the endpoint you specify in your plugin's configuration.
1
{
2
"requestId": ID, required,
3
"companyId": String, required,
4
"companyName": String, required,
5
"companyPhone": String, optional,
6
"requestingUserFirstName": String, required,
7
"requestingUserLastName": String, required,
8
"requestingUserEmail": String, required,
9
"appName": String, required,
10
"packageName": String, reqiured,
11
"reportUri": String, optional,
12
"status": String, required,
13
"completed": Boolean, required
14
}
Copied!
Note that for an initial request, many of these fields will not be set. Here is an example JSON document for a brand new request.
1
{
2
"requestId": "961675a32173cd4c377fd4d6",
3
"companyId": "5cab8f483d27cf0015990808",
4
"companyName": "Dynepic",
5
"companyPhone": null,
6
"requestingUserFirstName": "Adam",
7
"requestingUserLastName": "Reiter",
8
"requestingUserEmail": "[email protected]",
9
"appName": "My App",
10
"packageName": "My App ATO Package",
11
"reportUri": null,
12
"status": "not-started",
13
"completed": false
14
}
Copied!
This JSON structure will be sent in a POST request, along with a Basic authentication header generated using your plugin's client ID and client secret. You should verify the token is valid before accepting the request. You can also verify that the request originated at the api.motar.io domain for additional security.
Any "status" field can have the following values:
  • not-started
  • in-progress
  • action-required
  • under-review
  • completed

Handling MOTAR Studio Handoff

After a request is started, MOTAR Studio users belonging to the organization that owns the app can begin or continue the ATO process using your ATO application. Technically, this is handled via the MOTAR Single-Sign On (SSO). To support this handoff, you must configure a redirect URI for your plugin. When the user completes the SSO login, they will be redirected to your plugin's redirect URI, along with an authorization code. Your ATO application should read this code and use to generate an authorization token, which can then be used for further API calls. For more information, see Authentication.
After the SSO redirect, the unique identifier for the ATO request will be in the state parameter. This is the requestId that can be used in the API calls below.

APIs For ATO Applications

These APIs are available for managing ATO requests.
post
https://api.motar.io
/plugin/v1/ato/status
Update Request Status
post
https://api.motar.io
/plugin/v1/ato/alert
Create Alert

Handling Adding or Removing App Distributions

In MOTAR Studio, app developers can add or remove distributions from their ATO package. These distributions represent a version of the application that they wish to include in their ATO package. Your API should be configured to accept these requests and you should configure your plugin in MOTAR Studio with an endpoint to receive them.
The following JSON document will be sent to your configured endpoint when the user makes a distribution change.
1
{
2
"requestId": String,
3
"companyId": String,
4
"distributions": [{
5
"version": String,
6
"platforms": [
7
{
8
"name": String,
9
"devices": [String]
10
},
11
...
12
]
13
}, ...]
14
}
Copied!
Adding or removing a distribution will trigger the same endpoint. Whatever is sent in the "distributions" array represents the current state.
Last modified 4mo ago