const api = await app.require('api');
You can only use this from within browser dev console (and some limited other places).
Instead you should use
require(['api'], (api) => { api.put(`/groups/test/membership/1550`).then(() => { ... }); });Is there a way to turn off the GET API without a token?
Who do you want to restrict it from?
I would like to block it from everyone. I don't want scrappers to have it be that easy i want them to have a bit of a challenge. ideally this would work on a token basis as the write api does. if i can't have that i would like to just be turned off
Unfortunately the "GET API" as you call it is integral to the functionality of NodeBB on the client-side. During the normal usage of NodeBB, it is constantly using the /api
to load new pages, etc. It's not something that can be turned off, but it might be possible to restrict it to only accessible to users with a certain cookie. This doesn't currently exist, though.
You can open an issue on Github if you'd like this looked into further.