Read-only authenticated API access from external site?
Is there any way to access the read-only built-in api from an external site with programmatic authentication?
My forum is private so everything is restricted to logged in users only. This means If i want to integrate a "recent posts" display widget on my main site it wont work because the API call to mysite.com/api/recent will fail due to lack of a login cookie. I know with the write-api you can generate tokens and api keys but that api doesn't include any read-only endpoints (which i think is a huge oversight btw, at the very least it should allow you authenticated api access to endpoints that are traditionally locked down, like /api/user/:userid:). Is there any way to achieve this without making huge modifications to the write-api plugin?
ping @psychobunny any ideas? This has come up again. I want to create a script that reads the RSS feed for a category and outputs new posts to various locations (irc, slack, etc) but i can't do this without authentication since it's a private forum.
The read only api should accept the tokens generated via the write api... as of perhaps 2-3 weeks ago.
Aaaaaamazing. Thank you very much @julian
@julian Hey, I must be missing something. I installed the latest version of the write-api on my 0.7.x stable install and i'm unable to pull any of the authenticated read-only api calls, for example:
curl -H "Authorization: Bearer APIKEY" https://forum.nzb.cat/api/recent
I get the same response regardless if I use a master token or a user token:
I did test with the write endpoints to make sure the API was working correctly however I did seem to have an issue using master tokens when pulling a GET based endpoint. Adding ?_uid=n to the end of the URL did not work and using --data switched the type to POST instead which also didn't work.
xiaoxin last edited by
I know this post is a little old, but I wan to know if it is resolved since I have the same situation