How to authenticate against Read API?
-
Via a (python) script I would like to retrieve data from pages that are only accessible when logged in. Like for example https://community.nodebb.org/unread
In order to get access, the script needs to authenticate, but I have no idea how to do that. This was my attempt:
import requests username = 'USERNAME' password = 'PASSWORD' url = 'https://community.nodebb.org/api/unread' r = requests.get(url, auth=(username, password)) page = r.content print(page)
which outputs:
b'{"status":{"code":"forbidden","message":"You are not authorised to make this call"},"response":{}}'
In some places here in the forum I read that you should do it with the write api plugin. However, this is deprecated, the new approach lacks clear documentation (at least for me) and besides, I don't understand how it should work if you can't install a plugin and generate tokens (as in the case of community.nodebb.org).
It would be very helpful if someone could provide a very simple code snippet that outlines how it should work.
Many thanks in advance!
-
Try to generate a master token within the ACP. This master token is used as a bearer token to identify.
Genrate your API-Token here:
http://192.168.178.115:4567/admin/settings/apiThis snippted should work (not tested):
Token:
67f25233-9f8a-4974-b209-5e9a2a5c5ce0
import requests headers = {"Authorization": "Bearer 67f25233-9f8a-4974-b209-5e9a2a5c5ce0"} url = 'https://community.nodebb.org/api/unread' print(requests.get(endpoint, headers=headers).json())
Token for a specific user could be generated via write api and the master token.
Take a look here:
https://community.nodebb.org/topic/15271/generating-bearer-token-with-write-api/2?_=1610625824799 -
@dogs Thanks a lot for your reply!
I just can't see how a locally generated Bearer should work with community.nodebb.org instance? (yes, for now I really want to read the data from https://community.nodebb.org/api/unread) -
@greyteapot I'm sorry. Blame on me. I thought that community.nodebb.org ist just an alias for your own instance.
Authentication is handled either via HTTP Bearer Token or JSON Web Token, as generated/specified in the Write API.
GitHub - NodeBB/nodebb-plugin-write-api: A RESTful JSON-speaking API allowing you to write things to NodeBB
A RESTful JSON-speaking API allowing you to write things to NodeBB - NodeBB/nodebb-plugin-write-api
GitHub (github.com)
So I think there is no way for you to read user specific data on community.nodebb.org.
But for your own instance you would use the generated bearer token.