Appearance
P1PS Frequently Asked Questions
General
Q: What is the base URL to use for HTTP requests to P1PS from within a Party Bus cluster (IL2 staging, IL2 prod, etc)?
- A: All impact levels and environments use
http://p1ps.p1ps.svc.cluster.local:8000. This value is also stored as theP1PS_BASE_URLenvironment variable and is automatically injected into your PB application.
- A: All impact levels and environments use
Q: What is the base URL to use for HTTP requests to P1PS from a local development environment (outside a Party Bus cluster)?
- A: Use the appropriate P1PS staging URL based on the impact level (IL):
- IL2:
https://p1ps-il2.staging.dso.mil/api - IL4:
https://p1ps-il4.staging.dso.mil/api - IL5:
https://p1ps-il5.staging.dso.mil/api - Because local development is typically outside the Party Bus cluster, requests will go through P1 SSO ( Keycloak). Refer to the Development Tips documentation for information on working around Keycloak here.
- IL2:
- A: Use the appropriate P1PS staging URL based on the impact level (IL):
Q: How often do P1PS API tokens need to be renewed?
- A: P1PS does not enforce token expiration. Token rotation policies are managed by individual customer teams.
Q: How would I add a new recipient email domain?
- A: P1PS maintains an allowlist of email recipient domains approved by Cyber. To view currently approved domains, visit:
/domainsat the IL and Env intended. To request the addition of new domains, specify them when submitting a P1PS email template request for Cyber review here, or if you already have an approved template but want to add additional email domains, you can submit a general help request here.
- A: P1PS maintains an allowlist of email recipient domains approved by Cyber. To view currently approved domains, visit:
Q: When working with P1PS in a local development environment, how do I make authenticated requests through Keycloak?
- A: Include the
__Host-p1ps-{il}-staging-authservice-session-id-cookie(replace{il}with the appropriate impact level) from your browser session in thecookieheader of your requests. Be aware that this cookie value changes approximately every hour. Usingcurlis recommended for debugging these requests. - Example:bashMake absolutely sure the cookie is retrieved from the correct URL (staging vs. prod) and impact level, and that there are no extra characters (like a trailing semicolon). The request must also include the
curl -vvv -H "cookie: __Host-p1ps-il4-staging-authservice-session-id-cookie=5...A" https://p1ps-il4.staging.dso.mil/api/domainscookie:prefix in the header.
- A: Include the
Q: Are the
P1PS_AUTH_TOKEN,P1PS_BASE_URL, andP1PS_TEAM_IDenvironment variables set for containers deployed in staging and production?- A: Yes, these are set by the MDO team in collaboration with the Bullhorn team when a new team is onboarded to use P1PS. The values are also sent to POCs listed on the request form. Containers may need to be restarted to pick up the changes.
Q: Is there an easier way to use P1PS other than the API?
- A: Yes! We now have our P1PS UI at each impact level and environment (IL2 staging, IL2 prod, etc) that allows users to view whitelisted email domains, view their team's email templates and sent emails, create new team tokens, and even send emails directly from the UI! Check it out here
Kubernetes and Secrets
Q: What is the K8s secret name we should reference in our manifests?
- A:
P1PS_SECRETS. More details can be found here
- A:
Q: What ENV variables will be provided?
- A:
P1PS_TEAM_ID,P1PS_AUTH_TOKEN,P1PS_BASE_URL. More details can be found here
- A:
Keycloak and Access
- Q: What Keycloak group do I need to be a part of to access the P1PS UI?
- A:
/Platform One/Products/P1PS/IL2/teams/[TeamName]. For example,/Platform One/Products/P1PS/IL2/teams/my-team
- A:
API Testing
- Q: How can I test out the P1PS API before attempting it in our PB application?
- A: Check out our page on development tips for testing locally here
Email Domains
Q: What types of templates require specific recipient domain whitelisting?
- A: Dynamic templates (where you can substitute pieces of information in the email message) require that each recipient's email address have its domain whitelisted in P1PS. You can see the current list of approved domains at the
/domainsendpoint in the P1PS UI, ex: https://p1ps-il2.apps.dso.mil/domains
- A: Dynamic templates (where you can substitute pieces of information in the email message) require that each recipient's email address have its domain whitelisted in P1PS. You can see the current list of approved domains at the
Q: What is the process to just get a new email domain added to the whitelisted domains?
- A: Preferably this would be requested and added when a new email template is requested, but for adding new email domains you can submit a general help request here for the domain to be whitelisted. Please also include the justification for the domain to be whitelisted so the P1 Cyber team is aware of the use case.
Q: Do we need to verify recipient emails?
- A: You do not need to verify each individual recipient, but P1PS ensures that the email domain of each recipient is allowable before sending emails that are based on dynamic templates. Make sure any new dynamic template requests include all email domains that you expect to send emails to.
Email Sending and Templates
Q: I was able to successfully send an email to a recipient, but they never received it; what gives?
- A: Some email servers "flag" these "automated" emails and don't allow them through due to DMARC ( Domain-based Message Authentication, Reporting, and Conformance) restrictions or otherwise. Checkout AWS's documentation for more information here. If you continue to have issues, contact us directly at our P1PS IL2 MM help channel to further debug
Q: What do I have to do if I just want to update a previously-approved email template?
- A: This will require a new template request, but please indicate that it is just a revision/update and if possible link the previous P1PS ticket so we can expedite the process.
Q: Can we modify what the "From" email address is? Does it have to be a real email address?
- A: The "From" email is required and must be a valid email address. If not specified, we default to "no-reply@dso.mil". We can change this, but it must be a valid email address, as any new "From" email address must be verified. A verification link will be sent to the new "From" address and must be clicked to complete the verification process. Emails will fail to send if the "From" email address is not verified.
Q: I want the "From" email to appear to be from my application, but the actual email address doesn't matter. Is this possible?
- A: Yes, we can set a "Sender Name" which is an alias. This does not require verification and does not need to be a valid email address. This can be requested with any new email template, or you can submit a general help request here
Need Help?
If you have any questions or require assistance, please don't hesitate to reach out on our support channel on IL2 Mattermost.