Invoking a OAuth2 REST API with the TIBCO BusinessWorks 5.x plug-in for REST and JSON

In this post I will show you some pointers on how to invoke a OAuth2.0 REST service with the TIBCO ActiveMatrix BusinessWorks plug-in for REST and JSON plugged into TIBCOActiveMatrix BusinessWorks™. OAuth2.0 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, Google, Twitter and It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account.
For this demo I’m using the add-to-watchlist is a website that collects lots of interesting information about what TV shows and movies that everyone is watching by scrobbling media players or by manual input from its users. They’ve exposed their movie watchlist capabilities with their OAuth secured API.

General process definition

The REST and JSON plug-in allows you to invoke RESTful Web Service APIs and translate data between JSON format and XML format (and vice versa) very easily. In this demo, the source of the movie watchlist data comes from my IMDB watchlist which I exported to a CSV file using the export web tool.
The simple BW Process Definition flow:
  • Parse Data – Use a Data Format shared resource to be able to parse the data from the file. 
  • Map Data – Use this to prepare for JSON rendering. You can also use a XSD generated from a sample JSON tekst using the “Generate XML schema from JSON” tool.
  • Render JSON – Render the XML output from Map Data to JSON format.
  • Invoke REST API – invoke the API using the JSON data as the payload.

JSON conversion

The XML output from Map Data will be converted to JSON using the the Render JSON activity. Looking at the Input Editor config, the chosen cardinality of movies and shows might look odd but this is the only way to get a proper JSON rendering.
The output of Render JSON will be like in below image. You can see three movies and two TV series (shows).

Invoke REST API using OAuth2.0

Obtaining the Access Token

This part can be a bit tricky. You can for example write your own oauth client program using libraries from Google or some other open source initiative. Or you can follow the manual approach below:
  1. First, create a client_id and client_secret by registering a app. Click here for some helpful links to get you started.
  2. Grab the code parameter value which you need to obtain from your app redirect url querystring. You will use this in step 3.
  3. Open SoapUI (by SmartBear) and use the Access Token Retrieval tool. Fill in the obtained code from step 2 in the Client Identification field. The Redirect URI could be the same as what you have used in Step 1. For OAuth 2 Flow, choose Implicit Grant as we don’t need web browser interaction. After you have clicked Get Access Token button, a access_token should be presented to you.

Configure the Invoke REST API activity

Make sure to leave Protocol to None. Add the Resourc URI which you can get from the Trakt API page

Add two header fields: trakt-api-version and trakt-api-key.

Finalize the input mapping. The OAuth2TokenValue is the Access Token we just obtained.


After running the process, the Invoke REST API activity should output something like this:
Go to your Watchlist page ([username]/watchlist) to see the result:
Happy watching!