Marwen M.

Commented on How to Call an API Endpoint with OAuth and mTLS: A...·Posted inCommunity Questions

Marwen M.

Hi Thorsten, You generally have two patterns depending on the API:

Option A (most common)

Use:

OAuth2 Account → to obtain access token
HTTP Client snap→ to call API with mTLS

=> In this case:

OAuth token is fetched separately
mTLS is configured on the HTTP transport (Snap)

Option B (if OAuth endpoint itself requires mTLS)

This is the tricky case. SnapLogic’s SSL OAuth2 Account documentation does NOT explicitely mentions support for true mTLS nor describe any mTLS OAuth flow (though you can give it a try). => There is a workaround:

Use a REST Snap with client cert configured
Call the token endpoint manually
Store/access token dynamically (e.g., pipeline parameter or cache)

Commented on Understanding Pipeline Permission Levels: Allowing...·Posted inCommunity Questions

Marwen M.

You're welcome!

Commented on Understanding Pipeline Permission Levels: Allowing...·Posted inCommunity Questions

Marwen M.

Hi Tom, What you’re trying to achieve is correct in principle, but the behavior you’re seeing usually comes from how permissions are combined across project spaces in SnapLogic. Permissions are additive, meaning a user can end up with higher privileges if they inherit them from another role, group, or parent project space. So even if you explicitly grant “Read & Execute” on the target project space, users can still edit pipelines if they also have: “Write” or “Full Access” on the same project space (via another group), or

Higher permissions inherited from a parent project space
User being an Org admin

What to check

1.
Project Space hierarchyEnsure the target project space is not inheriting broader permissions from a parent space.
2.
Group memberships, Verify the users are not part of another group that grants Write or higher access.

Direct vs inherited permissions : Even if “Read & Execute” is set locally, inherited permissions can override your intention (Propagate permission check box, if you're using project folders).

About

Company
Title
Technical lead

Commented on How to Call an API Endpoint with OAuth and mTLS: A...·Posted inCommunity Questions

Marwen M.

Hi Thorsten, You generally have two patterns depending on the API:

Option A (most common)

Use:

OAuth2 Account → to obtain access token
HTTP Client snap→ to call API with mTLS

=> In this case:

OAuth token is fetched separately
mTLS is configured on the HTTP transport (Snap)

Option B (if OAuth endpoint itself requires mTLS)

Use a REST Snap with client cert configured
Call the token endpoint manually
Store/access token dynamically (e.g., pipeline parameter or cache)

Commented on Understanding Pipeline Permission Levels: Allowing...·Posted inCommunity Questions

Marwen M.

You're welcome!

Commented on Understanding Pipeline Permission Levels: Allowing...·Posted inCommunity Questions

Marwen M.

Higher permissions inherited from a parent project space
User being an Org admin

What to check

1.
Project Space hierarchyEnsure the target project space is not inheriting broader permissions from a parent space.
2.
Group memberships, Verify the users are not part of another group that grants Write or higher access.

Direct vs inherited permissions : Even if “Read & Execute” is set locally, inherited permissions can override your intention (Propagate permission check box, if you're using project folders).

About

Company
Title
Technical lead