Visualize PingOne Data in TIBCO Spotfire through OData

Jerod Johnson
Director, Technology Evangelism
Integrate PingOne data into dashboards in TIBCO Spotfire.

OData is a major protocol enabling real-time communication among cloud-based, mobile, and other online applications. The CData API Server provides PingOne data to OData consumers like TIBCO Spotfire. This article shows how to use the API Server and Spotfire's built-in support for OData to access PingOne data in real time.

Set Up the API Server

If you have not already done so, download the CData API Server. Once you have installed the API Server, follow the steps below to begin producing secure PingOne OData services:

Connect to PingOne

To work with PingOne data from TIBCO Spotfire, we start by creating and configuring a PingOne connection. Follow the steps below to configure the API Server to connect to PingOne data:

  1. First, navigate to the Connections page.
  2. Click Add Connection and then search for and select the PingOne connection.
  3. Enter the necessary authentication properties to connect to PingOne.

    To connect to PingOne, configure these properties:

    • Region: The region where the data for your PingOne organization is being hosted.
    • AuthScheme: The type of authentication to use when connecting to PingOne.
    • Either WorkerAppEnvironmentId (required when using the default PingOne domain) or AuthorizationServerURL, configured as described below.

    Configuring WorkerAppEnvironmentId

    WorkerAppEnvironmentId is the ID of the PingOne environment in which your Worker application resides. This parameter is used only when the environment is using the default PingOne domain (auth.pingone). It is configured after you have created the custom OAuth application you will use to authenticate to PingOne, as described in Creating a Custom OAuth Application in the Help documentation.

    First, find the value for this property:

    1. From the home page of your PingOne organization, move to the navigation sidebar and click Environments.
    2. Find the environment in which you have created your custom OAuth/Worker application (usually Administrators), and click Manage Environment. The environment's home page displays.
    3. In the environment's home page navigation sidebar, click Applications.
    4. Find your OAuth or Worker application details in the list.
    5. Copy the value in the Environment ID field. It should look similar to:
      WorkerAppEnvironmentId='11e96fc7-aa4d-4a60-8196-9acf91424eca'

    Now set WorkerAppEnvironmentId to the value of the Environment ID field.

    Configuring AuthorizationServerURL

    AuthorizationServerURL is the base URL of the PingOne authorization server for the environment where your application is located. This property is only used when you have set up a custom domain for the environment, as described in the PingOne platform API documentation. See Custom Domains.

    Authenticating to PingOne with OAuth

    PingOne supports both OAuth and OAuthClient authentication. In addition to performing the configuration steps described above, there are two more steps to complete to support OAuth or OAuthClient authentication:

    • Create and configure a custom OAuth application, as described in Creating a Custom OAuth Application in the Help documentation.
    • To ensure that the driver can access the entities in Data Model, confirm that you have configured the correct roles for the admin user/worker application you will be using, as described in Administrator Roles in the Help documentation.
    • Set the appropriate properties for the authscheme and authflow of your choice, as described in the following subsections.

    OAuth (Authorization Code grant)

    Set AuthScheme to OAuth.

    Desktop Applications

    Get and Refresh the OAuth Access Token

    After setting the following, you are ready to connect:

    • InitiateOAuth: GETANDREFRESH. Use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken each time you connect.
    • OAuthClientId: The Client ID you obtained when you created your custom OAuth application.
    • OAuthClientSecret: The Client Secret you obtained when you created your custom OAuth application.
    • CallbackURL: The redirect URI you defined when you registered your custom OAuth application. For example: https://localhost:3333

    When you connect, the driver opens PingOne's OAuth endpoint in your default browser. Log in and grant permissions to the application. The driver then completes the OAuth process:

    1. The driver obtains an access token from PingOne and uses it to request data.
    2. The OAuth values are saved in the location specified in OAuthSettingsLocation, to be persisted across connections.

    The driver refreshes the access token automatically when it expires.

    For other OAuth methods, including Web Applications, Headless Machines, or Client Credentials Grant, refer to the Help documentation.

  4. After configuring the connection, click Save & Test to confirm a successful connection.
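
A pre-flight check for the connection properties listed above, as an added example (not CData's own code). It assumes the properties are written as a semicolon-separated `Key=Value` string; the function names, the https check on AuthorizationServerURL, and all sample values except the Environment ID shown on this page are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
OAUTH_DESKTOP_PROPS = ("OAuthClientId", "OAuthClientSecret", "CallbackURL")

def parse_props(conn_str):
    """Split 'Key=Value;Key=Value' into a dict, stripping optional quotes."""
    props = {}
    for part in filter(None, (p.strip() for p in conn_str.split(";"))):
        key, _, value = part.partition("=")
        props[key.strip()] = value.strip().strip("'\"")
    return props

def check_pingone_props(props):
    """Return a list of problems; an empty list means the rules on this page hold."""
    problems = []
    for name in ("Region", "AuthScheme"):
        if not props.get(name):
            problems.append(f"{name} is not set")
    env_id = props.get("WorkerAppEnvironmentId")
    auth_url = props.get("AuthorizationServerURL")
    if not env_id and not auth_url:
        problems.append("set WorkerAppEnvironmentId or AuthorizationServerURL")
    if env_id and not UUID_RE.match(env_id):
        problems.append("WorkerAppEnvironmentId does not look like an Environment ID")
    if auth_url and urlparse(auth_url).scheme != "https":  # added hardening check
        problems.append("AuthorizationServerURL is not an https URL")
    if props.get("AuthScheme", "").lower() == "oauth":
        if props.get("InitiateOAuth", "").upper() != "GETANDREFRESH":
            problems.append("InitiateOAuth should be GETANDREFRESH for the desktop flow")
        for name in OAUTH_DESKTOP_PROPS:
            if not props.get(name):
                problems.append(f"{name} is not set")
        cb = urlparse(props.get("CallbackURL", ""))
        if props.get("CallbackURL") and not (cb.scheme and cb.netloc):
            problems.append("CallbackURL is not an absolute URI")
    return problems

# Constructed sample values; only the Environment ID comes from this page.
GOOD = ("Region=EXAMPLE;AuthScheme=OAuth;InitiateOAuth=GETANDREFRESH;"
        "WorkerAppEnvironmentId='11e96fc7-aa4d-4a60-8196-9acf91424eca';"
        "OAuthClientId=example-client-id;OAuthClientSecret=example-secret;"
        "CallbackURL=https://localhost:3333")
BAD = "AuthScheme=OAuth;WorkerAppEnvironmentId=Administrators;OAuthClientId=example-client-id"

if __name__ == "__main__":
    for label, s in (("good", GOOD), ("bad", BAD)):
        print(label, check_pingone_props(parse_props(s)))
```

The second sample pastes the environment name where the Environment ID belongs, which the UUID check reports along with the missing Region and OAuth properties.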

Configure API Server Users

Next, create a user to access your PingOne data through the API Server. You can add and configure users on the Users page. Follow the steps below to configure and create a user:

  1. On the Users page, click Add User to open the Add User dialog.
  2. Next, set the Role, Username, and Privileges properties and then click Add User.
  3. An Authtoken is then generated for the user. You can find the Authtoken and other information for each user on the Users page.

Creating API Endpoints for PingOne

Having created a user, you are ready to create API endpoints for the PingOne tables:

  1. First, navigate to the API page and then click Add Table.
  2. Select the connection you wish to access and click Next.
  3. With the connection selected, create endpoints by selecting each table and then clicking Confirm.

Gather the OData URL

Having configured a connection to PingOne data, created a user, and added resources to the API Server, you now have an easily accessible REST API based on the OData protocol for those resources. From the API page in API Server, you can view and copy the API Endpoints for the API.

Create Data Visualizations on External PingOne Data

  1. Open Spotfire and click Add Data Tables -> OData.
  2. In the OData Connection dialog, enter the following information:
    • Service URL: Enter the API Server's OData endpoint. For example:
      http://localhost:8080/api.rsc
    • Authentication Method: Select Username and Password.
    • Username: Enter the username of an API Server user. You can create API users on the Security tab of the administration console.
    • Password: Enter the authtoken of an API Server user.
  3. Select the tables and columns you want to add to the dashboard. This example uses [CData].[Administrators].Users.
  4. If you want to work with the live data, click the Keep Data Table External option. This option enables your dashboards to reflect changes to the data in real time.

    If you want to load the data into memory and process the data locally, click the Import Data Table option. This option is better for offline use or if a slow network connection is making your dashboard less interactive.

  5. After adding tables, the Recommended Visualizations wizard is displayed. When you select a table, Spotfire uses the column data types to detect number, time, and category columns. This example uses Username in the Numbers section and Id in the Categories section.

After adding several visualizations in the Recommended Visualizations wizard, you can make other modifications to the dashboard. For example, you can apply a filter: After clicking the Filter button, the available filters for each query are displayed in the Filters pane.
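
The Service URL, username and authtoken from step 2, shown as the request an OData client would build (an added example, not Spotfire's or CData's code). It assumes the Username and Password method is sent as HTTP Basic authentication; the resource name `Users`, the user name and the authtoken are constructed, and the function names are hypothetical. The request is built but never sent.

```python
import base64
import ipaddress
import urllib.request
from urllib.parse import quote, urlparse

def is_loopback(host):
    """True for 'localhost' and loopback IP literals such as 127.0.0.1 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def build_odata_request(service_url, username, authtoken, resource):
    """Build (do not send) a GET for one resource, with the authtoken as the Basic password."""
    url = urlparse(service_url)
    if url.scheme != "https" and not is_loopback(url.hostname or ""):
        raise ValueError("refusing to send an authtoken over plaintext HTTP to a remote host")
    cred = base64.b64encode(f"{username}:{authtoken}".encode()).decode()
    return urllib.request.Request(
        f"{service_url.rstrip('/')}/{quote(resource)}?$top=1",
        headers={"Authorization": f"Basic {cred}", "Accept": "application/json"},
    )

def recover_credentials(req):
    """What anyone who can read the request sees: Basic auth is encoding, not encryption."""
    b64 = req.get_header("Authorization").split(" ", 1)[1]
    user, _, token = base64.b64decode(b64).decode().partition(":")
    return user, token

if __name__ == "__main__":
    # Constructed credentials; the URL is the example Service URL from step 2.
    req = build_odata_request("http://localhost:8080/api.rsc",
                              "spotfire_user", "constructed-authtoken", "Users")
    print(req.full_url)
    print(recover_credentials(req))
```

Because the authtoken is recoverable from the header, the plain `http://localhost:8080` URL is only appropriate while Spotfire and the API Server run on the same machine; a remote API Server should be reached over https.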
