I'd like to build a compliance check to verify hipchat users are active


#1

Here’s my scenario:

Using a compliance and orchestration tool that has the ability to call out using web APIs: (In this case, ForeScout CounterACT). I’d like to build a policy that during business hours if a user is logged into their workstation, they are also available (or at least logged in / connected) to HipChat. Natively with CounterACT I could check to see if the hipchat process (on Windows/Mac/*nix) is running, however that would not work if they were using a mobile client or a web client. I’d like to use the Web API to verify the user is logged in, and then I can use the API to store that as a token, and verify the endpoint “meets compliance”. I’m a bit confused by the model of building an “add-on” and assigning it to a room, etc. What would be the proper method for me to gain access to the web API of hipchat in order to query that active status of our users?


#2

Hi Paul,

The HipChat v2 API is what you’re looking for:
https://www.hipchat.com/docs/apiv2

And more specifically, the API method you’re looking for is View User:
https://www.hipchat.com/docs/apiv2/method/view_user

That method will tell you the last time a user was active.

Below is a step-by-step – of course, I recommend you navigate through the rest of the API docs to build your best approach to solving the problem.

  1. Create a personal access token. This is a quick and dirty way for you to access the REST API for your instance.
    a. Go to: https://www.hipchat.com/account/api
    b. In the Create new token form, provide name/label for the token (i.e. “Test Token”)
    c. In scopes, choose the View Group
    d. Click Create
    e. Copy the Token value

  2. Fetch a complete list of users across your entire HipChat instance
    Call https://YOURINSTANCE.hipchat.com/v2/user?auth_token=TOKENHERE

  3. Fetch the details about a single user – either the user_id or an email address can be used
    Call https://YOURINSTANCE.hipchat.com/v2/user/USERID?auth_token=TOKENHERE
    or
    Call https://YOURINSTANCE.hipchat.com/v2/user/EMAIL?auth_token=TOKENHERE

You’ll get something like this back:

{  
   "created":"2015-01-01T03:43:26+00:00",
   "email":"nmansilla@atlassian.com",
   "id":4350323034,
   "is_deleted":false,
   "is_group_admin":false,
   "is_guest":false,
   "last_active":"2017-09-07T21:51:44+0000",
   "mention_name":"NeilMansilla",
   "name":"Neil Mansilla",
   "presence":{  
      "client":{  
         "type":"http://hipchat.com/client/web",
         "version":"4.30.2"
      },
      "is_online":true,
      "show":"chat"
   },
   "roles":[  
      "user"
   ],
   "timezone":"US/Pacific",
   "title":"Head of Developer Experience",
}

And of course, the gold you’re looking for is in last_active and perhaps the presence object. This should be a good starting point.

Take care,
Neil