ATO
This page details how an authorized studio organization can use the ATO Helper Plugin
Before you can use this API, you must:
Register your organization in MOTAR Studio.
Obtain ATO plugin developer permissions from a MOTAR administrator.
Create and configure your ATO plugin in MOTAR Studio.
Activate your plugin in MOTAR Studio.
Starting an ATO Request
When an app owner starts an ATO request for their app, the MOTAR API will send the following data to the endpoint you specify in your plugin's configuration.
Note that for an initial request, many of these fields will not be set. Here is an example JSON document for a brand new request.
This JSON structure will be sent in a POST request, along with a Basic authentication header generated using your plugin's client ID and client secret. You should verify the token is valid before accepting the request. You can also verify that the request originated at the api.motar.io domain for additional security.
Any "status" field can have the following values:
not-started
in-progress
action-required
under-review
completed
Handling MOTAR Studio Handoff
After a request is started, MOTAR Studio users belonging to the organization that owns the app can begin or continue the ATO process using your ATO application. Technically, this is handled via the MOTAR Single-Sign On (SSO). To support this handoff, you must configure a redirect URI for your plugin. When the user completes the SSO login, they will be redirected to your plugin's redirect URI, along with an authorization code. Your ATO application should read this code and use to generate an authorization token, which can then be used for further API calls. For more information, see Authentication.
After the SSO redirect, the unique identifier for the ATO request will be in the state parameter. This is the requestId that can be used in the API calls below.
APIs For ATO Applications
These APIs are available for managing ATO requests.
Update Request Status
POST https://api.motar.io/plugin/v1/ato/status
Update a request's overall status.
Headers
| Name | Type | Description |
|---|---|---|
Authorization | string | Authorization token generated by SSO. |
Request Body
| Name | Type | Description |
|---|---|---|
cancellable | boolean | Whether or not the user can cancel this request in MOTAR Studio. |
status | string | A new status for the request. |
complete | boolean | Whether or not the request is complete. |
requestId | string | Request ID that was created when the ATO request was initiated. |
Create Alert
POST https://api.motar.io/plugin/v1/ato/alert
Creates an "alert" that will display in the ATO package progress view in MOTAR Studio.
Headers
| Name | Type | Description |
|---|---|---|
Authorization | string | Authorization token generated by SSO. |
Request Body
| Name | Type | Description |
|---|---|---|
requestId | string | ID of ATO request to which this alert pertains. |
title | string | A title for this alert. |
text | string | Text to display in the body of the alert. |
providerId | string | An ID used internally by your application. |
status | string | Alert status. |
type | string | Alert type. Allowed values are "info", "success", "warning", and "error". Defaults to "info". |
Handling Adding or Removing App Distributions
In MOTAR Studio, app developers can add or remove distributions from their ATO package. These distributions represent a version of the application that they wish to include in their ATO package. Your API should be configured to accept these requests and you should configure your plugin in MOTAR Studio with an endpoint to receive them.
The following JSON document will be sent to your configured endpoint when the user makes a distribution change.
Adding or removing a distribution will trigger the same endpoint. Whatever is sent in the "distributions" array represents the current state.
Last updated