Read-only authenticated API access from external site?


  • GNU/Linux

    Is there any way to access the read-only built-in api from an external site with programmatic authentication?

    My forum is private so everything is restricted to logged in users only. This means If i want to integrate a "recent posts" display widget on my main site it wont work because the API call to mysite.com/api/recent will fail due to lack of a login cookie. I know with the write-api you can generate tokens and api keys but that api doesn't include any read-only endpoints (which i think is a huge oversight btw, at the very least it should allow you authenticated api access to endpoints that are traditionally locked down, like /api/user/:userid:). Is there any way to achieve this without making huge modifications to the write-api plugin?


  • GNU/Linux

    ping @psychobunny any ideas? This has come up again. I want to create a script that reads the RSS feed for a category and outputs new posts to various locations (irc, slack, etc) but i can't do this without authentication since it's a private forum.


  • Admin

    The read only api should accept the tokens generated via the write api... as of perhaps 2-3 weeks ago. :)


  • GNU/Linux

    Aaaaaamazing. Thank you very much @julian


  • GNU/Linux

    @julian Hey, I must be missing something. I installed the latest version of the write-api on my 0.7.x stable install and i'm unable to pull any of the authenticated read-only api calls, for example:

    curl -H "Authorization: Bearer APIKEY" https://forum.nzb.cat/api/recent

    I get the same response regardless if I use a master token or a user token:

    {"topics":[],"nextStart":20,"feeds:disableRSS":false,"rssFeedUrl":"/recent.rss","breadcrumbs":[{"text":"[[global:home]]","url":"/"},{"text":"[[recent:title]]"}],"loggedIn":false,"template":{"name":"recent","recent":true}}%

    I did test with the write endpoints to make sure the API was working correctly however I did seem to have an issue using master tokens when pulling a GET based endpoint. Adding ?_uid=n to the end of the URL did not work and using --data switched the type to POST instead which also didn't work.



  • I know this post is a little old, but I wan to know if it is resolved since I have the same situation:smile:


Log in to reply
 

Looks like your connection to NodeBB was lost, please wait while we try to reconnect.