Ability to specify the contact person on a role when it is created through the API

[steinwelberg]

Currently the contact person for roles created through an API key are always the person that owns the API key. This leads to situations where a the owner of the API key gets contacted for expired invites while they don't know anything about the role as they do not even have to be the role manager.

This is currently happening for the roles created for the SURF Developer Platform.

[oharsta]

@steinwelberg Do you use the endpoint /api/external/v1/roles using an Organisation API key or the endpoint /api/external/v1/internal/invite/roles using basic authentication? And which attribute of a role do you refer to, when you write contact person for roles?

It is true that if you use the second endpoint the attribute remoteApiUser is automatically set to the userName of the basic authentication. You do however have the ability to specify an inviterDisplayName, which is a free format field that is used in the invitation emails for this role. Does that suffice?

[steinwelberg]

We are using the first endpoint with an Org API key. Can we do the same with this endpoint?

[oharsta]

Yes. You can specify both the inviterDisplayName and remoteApiUser and those values from the POST body will be used. Does that suffice? The Invited by column in the GUI will still show the name of the user who owns the API key. This is more difficult to change, because an invitation created with Organisation API key requires an inviter_id which is a foreign key to the users table.

[steinwelberg]

I take it the end-user receiving the invitation will only see the values from the inviterDisplayName and remoteApiUser, right? If that is the case then this suffices for us indeed.

[oharsta]

The end-user will see the inviterDisplayName in the invitation email and when the user accepts the invitation. The remoteApiUser is not used in the communication with the end-user.

[oharsta]

Closed as current functionality suffices.