Read-only authenticated API access from external site?
-
Is there any way to access the read-only built-in api from an external site with programmatic authentication?
My forum is private so everything is restricted to logged in users only. This means If i want to integrate a "recent posts" display widget on my main site it wont work because the API call to mysite.com/api/recent will fail due to lack of a login cookie. I know with the write-api you can generate tokens and api keys but that api doesn't include any read-only endpoints (which i think is a huge oversight btw, at the very least it should allow you authenticated api access to endpoints that are traditionally locked down, like /api/user/:userid:). Is there any way to achieve this without making huge modifications to the write-api plugin?
-
ping @psychobunny any ideas? This has come up again. I want to create a script that reads the RSS feed for a category and outputs new posts to various locations (irc, slack, etc) but i can't do this without authentication since it's a private forum.
-
@julian Hey, I must be missing something. I installed the latest version of the write-api on my 0.7.x stable install and i'm unable to pull any of the authenticated read-only api calls, for example:
curl -H "Authorization: Bearer APIKEY" https://forum.nzb.cat/api/recentI get the same response regardless if I use a master token or a user token:
{"topics":[],"nextStart":20,"feeds:disableRSS":false,"rssFeedUrl":"/recent.rss","breadcrumbs":[{"text":"[[global:home]]","url":"/"},{"text":"[[recent:title]]"}],"loggedIn":false,"template":{"name":"recent","recent":true}}%I did test with the write endpoints to make sure the API was working correctly however I did seem to have an issue using master tokens when pulling a GET based endpoint. Adding ?_uid=n to the end of the URL did not work and using --data switched the type to POST instead which also didn't work.
