# Connecting to Productboard
Productboard is the product management system that helps product teams get the right products to market, faster. Over 3,000 modern, product-led companies, like Zendesk, UiPath, and Microsoft, use Productboard to understand what users really need, prioritize what to build next, and rally everyone around their roadmap.
**Topics**
+ [AWS Glue support for Productboard](productboard-support.md)
+ [Policies containing the API operations for creating and using connections](productboard-configuring-iam-permissions.md)
+ [Configuring Productboard](productboard-configuring.md)
+ [Configuring Productboard connections](productboard-configuring-connections.md)
+ [Reading from Productboard entities](productboard-reading-from-entities.md)
+ [Productboard connection options](productboard-connection-options.md)
+ [Creating an Productboard account](productboard-create-account.md)
+ [Limitations](productboard-connector-limitations.md)
# AWS Glue support for Productboard
AWS Glue supports Productboard as follows:
**Supported as a source?**
Yes. You can use AWS Glue ETL jobs to query data from Productboard.
**Supported as a target?**
No.
**Supported Productboard API versions**
v1
# Policies containing the API operations for creating and using connections
The following sample policy describes the required AWS permissions for creating and using connections. If you are creating a new role, create a policy that contains the following:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"glue:ListConnectionTypes",
"glue:DescribeConnectionType",
"glue:RefreshOAuth2Tokens",
"glue:ListEntities",
"glue:DescribeEntity"
],
"Resource": "*"
}
]
}
```
------
If you don't want to use the preceding method, alternatively, use the following managed IAM policies:
+ [ AWSGlueServiceRole ](https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole) – Grants access to resources that various AWS Glue processes require to run on your behalf. These resources include AWS Glue, Amazon S3, IAM, CloudWatch Logs, and Amazon EC2. If you follow the naming convention for resources specified in this policy, AWS Glue processes have the required permissions. This policy is typically attached to roles specified when defining crawlers, jobs, and development endpoints.
+ [ AWSGlueConsoleFullAccess ](https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess) – Grants full access to AWS Glue resources when an identity that the policy is attached to uses the AWS Management console. If you follow the naming convention for resources specified in this policy, users have full console capabilities. This policy is typically attached to users of the AWS Glue console.
# Configuring Productboard
Before you can use AWS Glue to transfer from Productboard, you must meet the following requirements:
## Minimum requirements
+ You have an Productboard account with email and password. For more information about creating an account, see [Creating a Productboard account](productboard-create-account.md).
+ You must have AWS Account created with the service access to AWS Glue.
+ You have a Productboard account’s authentication details - either JWT Token if one want to use Custom Auth or Client ID and secret if one want to use OAuth2.0.
+ If user wants to use `OAuth2.0`, [Register your application with Productboard](https://app.productboard.com/oauth2/applications/new) and setup the application by following the instructions at, [How to integrate with Productboard via OAuth2 - developer documentation](https://developer.productboard.com/docs/how-to-integrate-with-productboard-via-oauth2-developer-documentation).
If you meet these requirements, you’re ready to connect AWS Glue to your Productboard account. For typical connections, you don't need do anything else in Productboard.
# Configuring Productboard connections
Productboard supports custom authentication and `OAuth2.0`. For `OAuth2.0` Productboard supports the `AUTHORIZATION_CODE` grant type.
+ This grant type is considered “three-legged” `OAuth` as it relies on redirecting users to the third party authorization server to authenticate the user. It is used when creating connections via the AWS Glue Console. The user creating a connection may by default rely on a AWS Glue owned connected app where they do not need to provide any `OAuth` related information except for their Productboard Client ID and Client Secret. The AWS Glue Console will redirect the user to Productboard where the user must login and allow AWS Glue the requested permissions to access their Productboard instance.
+ Users may still opt to create their own connected app in Productboard and provide their own Client ID and Client Secret when creating connections through the AWS Glue Console. In this scenario, they will still be redirected to Productboard to login and authorize AWS Glue to access their resources.
+ This grant type results in a refresh token and access token. The access token is short lived, and may be refreshed automatically without user interaction using the refresh token.
+ For public Productboard documentation on creating a connected app for `AUTHORIZATION_CODE OAuth` flow, see [How to integrate with Productboard via OAuth2 - developer documentation](https://developer.productboard.com/docs/how-to-integrate-with-productboard-via-oauth2-developer-documentation).
To configure a Productboard connection:
1. In AWS Secrets Manager, create a secret with the following details:
+ For `OAuth` auth – For customer managed connected app: Secret should contain the connected app Consumer Secret with `USER_MANAGED_CLIENT_APPLICATION_CLIENT_SECRET` as key.
+ For `Custom auth` – For customer managed connected app: Secret should contain the connected app `JWT token` with `access_token` as key.
**Note**
It is a must to create a secret per connection in AWS Glue.
1. In AWS Glue Studio, create a connection under **Data Connections** by following the steps below:
1. When selecting a **Data Source**, select Productboard.
1. Select the IAM role for which AWS Glue can assume and has permissions for following actions:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
],
"Resource": "*"
}
]
}
```
------
1. Select Authentication Type to connect to data source:
+ For `OAuth` auth – Provide the `Token URL`, and `User Managed Client Application ClientId` of the Productboard app.
1. Select the `secretName` which you want to use for this connection in AWS Glue to put the tokens.
1. Select the network options if you want to use your network.
1. Grant the IAM role associated with your AWS Glue job permission to read `secretName`.
1. In your AWS Glue job configuration, provide `connectionName` as an Additional network connection.
# Reading from Productboard entities
**Prerequisites**
An Productboard Object you would like to read from. Refer the supported entities table below to check the available entities.
**Supported entities**
+ [Abuse-reports ](https://productboard.com/developer/marketing/api/campaign-abuse/)
+ [Automation](https://productboard.com/developer/marketing/api/automation/list-automations/)
+ [Campaigns](https://productboard.com/developer/marketing/api/campaigns/list-campaigns/)
+ [Click-details](https://productboard.com/developer/marketing/api/link-clickers/)
+ [Lists](https://productboard.com/developer/marketing/api/link-clickers/)
+ [Members](https://productboard.com/developer/marketing/api/list-segment-members/)
+ [Open-details](https://productboard.com/developer/marketing/api/list-members/)
+ [Segments](https://productboard.com/developer/marketing/api/list-segments/)
+ [Stores](https://productboard.com/developer/marketing/api/ecommerce-stores/list-stores/)
+ [Unsubscribed](https://productboard.com/developer/marketing/api/unsub-reports/)
| Entity | Can be Filtered | Supports Limit | Supports Order By | Supports Select \$1 | Supports Partitioning |
| --- | --- | --- | --- | --- | --- |
| Features | Yes | Yes | No | Yes | Yes |
| Components | No | Yes | No | Yes | No |
| Products | No | Yes | No | Yes | No |
| Feature Statuses | No | Yes | No | Yes | Yes |
| Custom Field Definitions | No | Yes | No | Yes | No |
| Custom Field Values | Yes | Yes | No | Yes | No |
**Example**
```
Productboard_read = glueContext.create_dynamic_frame.from_options(
connection_type="Productboard",
connection_options={
"connectionName": "connectionName",
"ENTITY_NAME": "feature",
"API_VERSION": "1"
}
```
**Productboard entity and field details**
+ [Features](https://developer.productboard.com/#tag/features)
+ [Components](https://developer.productboard.com/#tag/components)
+ [Feature statuses](https://developer.productboard.com/#tag/statuses)
+ [Products](https://developer.productboard.com/#tag/products)
+ [Custom fields definitions](https://developer.productboard.com/#tag/hierarchyEntitiesCustomFields)
+ [Custom fields values](https://developer.productboard.com/#tag/hierarchyEntitiesCustomFieldsValues)
# Productboard connection options
The following are connection options for Productboard:
+ `ENTITY_NAME`(String) – (Required) Used for Read/Write. The name of your Object in Productboard.
+ `API_VERSION`(String) - (Required) Used for Read. Productboard Engage Rest API version you want to use. For example: 3.0.
+ `SELECTED_FIELDS`(List) - Default: empty(SELECT \$1). Used for Read. Columns you want to select for the object.
+ `FILTER_PREDICATE`(String) - Default: empty. Used for Read. It should be in the Spark SQL format.
+ `QUERY`(String) - Default: empty. Used for Read. Full Spark SQL query.
# Creating an Productboard account
1. Navigate to the [Productboard sign up page](https://app.productboard.com/), enter your email ID and password, and then choose **Log me in**.
1. In the **Account Name** field, enter the name of your Productboard account, and then select the **I agree to the Privacy Policy check** box.
1. On the **Now create your workspace** page, in the **Workspace URL** field, enter the URL for your new workspace. Then choose **Continue** to proceed to the next page and provide the remaining details.
This creates your trial account. The trial account is free for 15 days. After the trial period expires, you can purchase a paid plan. Make a note of your email address, password, and workspace URL. You will need this information to access your account in the future."
**Registering an `OAuth2.0` application**
1. Navigate to the [Productboard login page](https://login.productboard.com/?locale=en), enter your email ID and password, and choose **Log in**.
1. Select the **User** icon in the upper-right corner, and then choose **Account and billing** from the dropdown menu.
1. Select **Extras** and choose **Registered apps** from the dropdown menu.
1. Locate and choose **Register An App**.
1. Enter the following details:
+ **App name** – Name of the app.
+ **Company / Organization** – Name of your Company or Organization.
+ **App website** – Website of the app.
+ **Redirect URI** – A Redirect URI pattern is a URI path (or comma-separated list of paths) to which Productboard can redirect (if requested) when the login flow is complete. For example, `https://ap-southeast-2\\.console\\.aws\\.amazon\\.com`
1. Choose **Create**.
1. The **Client ID** and **Client Secret** will now be visible. Copy and save them in a secure location. Then, choose **Done**.
**Note**
Your Client ID and Client Secret strings are credentials used to establish a connection with this connector when using AppFlow or AWS Glue.
**Retrieving CustomAuth Credentials**
1. Navigate to the [Productboard login page](https://app.productboard.com/), enter your email ID and password, and choose **Log me in**.
You will be redirected to the home page.
1. On the home page, navigate to **Workspace Settings** > **Integrations** > **Public APIs** > **Access Token**.
**Note**
If the **Public APIs** section is not visible, your account might be on the Essentials plan. Access to API tokens requires at least a Pro plan. Plan features and names are subject to change. For more information about the packages, see [Productboard pricing](https://www.productboard.com/pricing/).
1. Choose **\$1** to generate a new token, and make sure to securely store it for future reference.
**Creating `OAuth2.0` credentials**
To utilize `OAuth2.0` authentication with the Productboard connector, you need to register your application on the Productboard platform and generate a `Client ID` and `Client Secret`.
1. Navigate to the [Productboard login page](https://app.productboard.com/), enter your email ID and password, and choose **Log me in**.
1. To register new OAuth2 application with your Productboard account, navigate to [Producboard](to register new OAuth2 application with your Productboard account) page.
1. Complete the required fields and select the necessary scopes for each entity you wish to access.
**Note**
You have chosen the following four scopes, which are required for the six supported entities.
1. **Redirect URL** must have the following format: `https://ap-southeast-2\\.console\\.aws\\.amazon\\.com`
**Note**
The Appflow redirect URLs are subject to change. Once available, please update the redirect URLs for the AWS Glue platform.
1. The **Client ID** and **Client Secret** will now be visible. Copy and save them in a secure location.
1. You can set up and verify `OAuth2` by following the steps in the [How to Integrate with Productboard via OAuth2 developer](https://developer.productboard.com/docs/how-to-integrate-with-productboard-via-oauth2-developer-documentation) documentation.
# Limitations
The following are limitations for the Productboard connector:
+ Productboard doesn’t support either field based or record based partitioning.