api (write plugin) upload - A valid login session was not found

General Discussion
  • how upload via api?
    here the c# code:

    var restClient = new RestSharp.RestClient(baseUrlApiV2); 
    var request = new RestSharp.RestRequest("/util/upload", RestSharp.Method.POST);
    request.AlwaysMultipartFormData = true;
    request.AddHeader("Content-Type", "multipart/form-data");
    request.AddHeader("Authentication", token);
    request.AddHeader("Authorization", token);
    request.AddFile("file[]", @"D:\phpbbAtach\54_0df4f16285a8bce30059e548f506fdf1", "image/png");
    IRestResponse response = restClient.Execute(request);
    var content = response.Content.Dump();

    the raw request:

    POST http://mysite.com/api/v2/util/upload HTTP/1.1
    Content-Type: multipart/form-data
    Authentication: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
    Authorization: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
    Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml
    User-Agent: RestSharp/
    Host: tchumim.com
    Content-Length: 24977
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Content-Disposition: form-data; name="files[]"; filename="54_0df4f16285a8bce30059e548f506fdf1"
    Content-Type: image/png

    the response (401):

    {"code":"not-authorised","message":"A valid login session was not found. Please log in and try again.","params":{}}
  • Are you using Bearer authentication with a user or master token? If master token, a uid must be provided in the payload under the key _uid.

  • thank! right, its a master token, but even after I added the parameter, yet the same response!

    Content-Disposition: form-data; name="_uid"
    Content-Disposition: form-data; name="file[]"; filename="54_0df4f16285a8bce30059e548f506fdf1"
    Content-Type: image/png
  • now i have tried with a user token, and same response. other call api works.

    nodebb version 1.7.3

  • I have no choice but to do so with forms-authentication 😞

  • @david-levtov version 1.8.2 same issue

  • This post is deleted!
  • @foyangyu curl -H "Authorization: Bearer fba206bd-8f0d-491e-83a9-b08383a4c575" --data "title='NEW topic TITLE'&content='CONTENT MORE THAN 8'&cid=4" http://localhost:4567/api/v1/topics

    how fully i am

  • Hi all,

    Confirmed working, here's the curl call I used:

    $ cd /directory/with/file/to/upload
    $ curl -L https://localhost/forum/api/v2/util/upload?_uid=1 -H "Authorization: Bearer e3704a27-9368-4a3c-b743-0dbc5da08e39" -F "files[][email protected]"

    Keep in mind my local dev uses a subfolder, that's why I am calling localhost/forum. You might call your own hostname, url, or localhost:4567/api...

    Here is the return payload:

            "url": "/forum/assets/uploads/files/1524840237214-filename.jpg",
            "path": "/home/julian/Projects/nodebb/forum/public/uploads/files/1524840237214-filename.jpg",
            "name": "filename.jpg"
  • @julian said in api (write plugin) upload - A valid login session was not found:

    -F "files[]=@

    hi, I don't understand, when I want to update words and pics, how to write the curl ?
    thanks .

  • What did you try so far?

  • thanks, I try to use the
    curl -H "Authorization: Bearer {YOUR_TOKEN}" --data "title={TITLE}&content={CONTENT}&cid={CID}" http://localhost:4567/api/v1/topics
    to send posts, It's all right.
    Is there any samply about the "JSON Web Token " to send posts ?
    very thanks .

  • For anyone using NodeBB to upload a screenshot from node.js

    		const buffer = await createImage({
    			path: `screenshot/annotation:${ annotationID }`
    			, encoding: 'binary'
    		const result = await rp({
    			url: `${ endpoint }/util/upload?_uid=${ _uid }`,
    			method: 'POST',
    			json: true,
    			headers: {
    				, 'Content-Type': 'multipart/form-data'
    			formData: {
    				'files[]': {
    					value: buffer,
    					options: {
    						filename: `annotaion-${ annotationID }.jpg`,
    						contentType: 'image/jpg'

Suggested Topics

  • 0 Votes
    2 Posts


    The "top downloads" pie chart is a little misleading, actually. The package manager itself doesn't have any visibility on package downloads because those are done through npm, and not nbbpm itself. What it does track is how many people ask nbbpm to suggest a version to download.

    For example, if you run v1.8.1 and you want to download a plugin, the latest version might not be compatible, so the ACP will query nbbpm for a suggested version. That's counted as a "download" (since the "suggest" call is done behind the scenes and is opaque to the end user).

    So you could be seeing true downloads... people downloading your plugins... or someone's just hammering GET /api/v1/suggest?package=nodebb-plugin-prometheus a lot 😄

  • 0 Votes
    1 Posts

    I have an instance of nodebb running in a subfolder of another site that is served via https. I can view the forum site without any problems but cannot view or install plugins (its possible I cant do other things but this is the obvious problem at this point).

    The error I get is the following:

    Error parsing plugins : Hostname/IP doesn't match certificate's altnames: "Host: packages.nodebb.org. is not in the cert's altnames: DNS:[domain].com, DNS:www.[domain].com.

    How can I overcome this problem?

  • 0 Votes
    6 Posts

    @Peter-Zoltan-Keresztes Not to my knowledge... we're still using it here on this site 😟

    Perhaps ping @psychobunny ...?

  • 0 Votes
    5 Posts

    Yeah I could copy my user inside Redis but what is hard is when new user sign up in MySQL, to replicate this inside Redis
    Thanks for your help,

  • 35 plugins...

    General Discussion
    0 Votes
    1 Posts

    ... and that's just the ones listed in the Plugins category.


    To think the plugin system just opened up 4 months ago, that's astounding!