Hi Julian. Can I have an example of a call using cookies?
For javascript language.
Carlo Lancia
Hi Julian,
I just modified the file "src/controllers/write/users.js", as you indicated. Now I can generate the token.
Ok!
Grazie -
@julian
Hi Julian, How are you?
I was able to test your instructions, but the results are different from what I expected.
The administrative user generates the token successfully, while for a new user the same sequence does not have the same effect.
What am I doing wrong?
I have added the API calls to the NodeBB system below.
ADMINISTRATIVE USER "Carlo.Merola"
REQUEST LOGIN
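# Log in to the NodeBB write API as the administrative account "Carlo.Merola".
# "omissis" presumably stands in for the real password.
# One option per line, each ending in a backslash: when the command is collapsed onto
# a single line, "\ " escapes the following space and curl receives arguments such as " --url".
# NOTE(review): the cookie value looks percent-encoded twice ("%253A" decodes to "%3A");
# if the command is run as written rather than from the HTTP client it was exported from,
# check that the server still recognises the session.
curl --request POST \
  --url http://localhost:4567/api/v3/utilities/login \
  --header 'Content-Type: application/json' \
  --cookie 'express.sid=s%253AkHYV_owxQoxuaVwGKAA5DE0FpgOuW83p.lbtUZdJHW8LEgPy3GLYncwdLXuQTzsfi4ubk%252BZ5IFJo' \
  --data '{ "username": "Carlo.Merola", "password": "omissis" }'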
RESPONSE OK
{ "status": { "code": "ok", "message": "OK" }, "response": { "uid": 3, "username": "Carlo.Merola", "userslug": "carlo-merola", "picture": "/assets/uploads/profile/3-profileavatar-1676988051741.png", "status": "offline", "postcount": 0, "reputation": 0, "email:confirmed": 1, "lastonline": 1681297625750, "flags": null, "banned": false, "banned:expire": 0, "joindate": 1674838394707, "fullname": null, "displayname": "Carlo.Merola", "icon:text": "C", "icon:bgColor": "#673ab7", "joindateISO": "2023-01-27T16:53:14.707Z", "lastonlineISO": "2023-04-12T11:07:05.750Z", "banned_until": 0, "banned_until_readable": "Not Banned" } }
REQUEST CONFIG
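# Read the forum configuration for the current session; the JSON reply carries the
# csrf_token that is sent back in the x-csrf-token header of the token request.
# NOTE(review): this express.sid differs from the one sent with the login request above,
# presumably because it is the session cookie issued by the login response; the page does
# not show the response headers, so this cannot be confirmed here.
curl --request GET \
  --url http://localhost:4567/api/config \
  --cookie 'express.sid=s%253AdWjgq6Xe5i388H4VEXhIzyr4um9uVeZB.bvy78e9PYmjNx%252FEmvR07DdjPD8UWvCDC7CyRiNSvI%252FQ'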
RESPONSE OK
{ "relative_path": "", "upload_url": "/assets/uploads", "asset_base_url": "/assets", "assetBaseUrl": "/assets", "siteTitle": "HyperCuTe", "browserTitle": "HyperCuTe", "titleLayout": "{pageTitle} | {browserTitle}", "showSiteTitle": true, "maintenanceMode": false, "minimumTitleLength": 3, "maximumTitleLength": 255, "minimumPostLength": 8, "maximumPostLength": 32767, "minimumTagsPerTopic": 0, "maximumTagsPerTopic": 5, "minimumTagLength": 3, "maximumTagLength": 15, "undoTimeout": 10000, "useOutgoingLinksPage": false, "allowGuestHandles": false, "allowTopicsThumbnail": true, "usePagination": true, "disableChat": false, "disableChatMessageEditing": false, "maximumChatMessageLength": 3000, "socketioTransports": [ "polling", "websocket" ], "socketioOrigins": "http://localhost:4567:*", "websocketAddress": "", "maxReconnectionAttempts": 5, "reconnectionDelay": 1500, "topicsPerPage": 20, "postsPerPage": 20, "maximumFileSize": 20480, "theme:id": "nodebb-theme-vanilla", "theme:src": "https://cdn.jsdelivr.net/npm/[email protected]/spacelab/bootstrap.min.css", "defaultLang": "it", "userLang": "it", "loggedIn": true, "uid": 3, "cache-buster": "v=88rphh6u1aq", "topicPostSort": "oldest_to_newest", "categoryTopicSort": "newest_to_oldest", "csrf_token": "vtVKfNxM-MmApXIW16ROi22mizlKf6QNyL-4", "searchEnabled": true, "searchDefaultInQuick": "titles", "bootswatchSkin": "", "enablePostHistory": true, "timeagoCutoff": 30, "timeagoCodes": [ "af", "am", "ar", "az-short", "az", "be", "bg", "bs", "ca", "cs", "cy", "da", "de-short", "de", "dv", "el", "en-short", "en", "es-short", "es", "et", "eu", "fa-short", "fa", "fi", "fr-short", "fr", "gl", "he", "hr", "hu", "hy", "id", "is", "it-short", "it", "ja", "jv", "ko", "ky", "lt", "lv", "mk", "nl", "no", "pl", "pt-br-short", "pt-br", "pt-short", "pt", "ro", "rs", "ru", "rw", "si", "sk", "sl", "sq", "sr", "sv", "th", "tr-short", "tr", "uk", "ur", "uz", "vi", "zh-CN", "zh-TW" ], "cookies": { "enabled": false, "message": "This website uses cookies to 
ensure you get the best experience on our website.", "dismiss": "Got it!", "link": "Learn More", "link_url": "https://www.cookiesandyou.com" }, "thumbs": { "size": 512 }, "iconBackgrounds": [ "#f44336", "#e91e63", "#9c27b0", "#673ab7", "#3f51b5", "#2196f3", "#009688", "#1b5e20", "#33691e", "#827717", "#e65100", "#ff5722", "#795548", "#607d8b" ], "emailPrompt": 1, "useragent": { "isYaBrowser": false, "isAuthoritative": false, "isMobile": false, "isMobileNative": false, "isTablet": false, "isiPad": false, "isiPod": false, "isiPhone": false, "isiPhoneNative": false, "isAndroid": false, "isAndroidNative": false, "isBlackberry": false, "isOpera": false, "isIE": false, "isEdge": false, "isIECompatibilityMode": false, "isSafari": false, "isFirefox": false, "isWebkit": false, "isChrome": false, "isKonqueror": false, "isOmniWeb": false, "isSeaMonkey": false, "isFlock": false, "isAmaya": false, "isPhantomJS": false, "isEpiphany": false, "isDesktop": false, "isWindows": false, "isLinux": false, "isLinux64": false, "isMac": false, "isChromeOS": false, "isBada": false, "isSamsung": false, "isRaspberry": false, "isBot": false, "isCurl": false, "isAndroidTablet": false, "isWinJs": false, "isKindleFire": false, "isSilk": false, "isCaptive": false, "isSmartTV": false, "isUC": false, "isFacebook": false, "isAlamoFire": false, "isElectron": false, "silkAccelerated": false, "browser": "insomnia", "version": "2022.7.5", "os": "unknown", "platform": "unknown", "geoIp": {}, "source": "insomnia/2022.7.5", "isWechat": false }, "acpLang": "it", "openOutgoingLinksInNewTab": false, "topicSearchEnabled": false, "composer-default": {}, "markdown": { "highlight": 1, "highlightLinesLanguageList": [], "theme": "default.css", "defaultHighlightLanguage": "" }, "emojiCustomFirst": false }
REQUEST TOKEN
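# Create an API token for uid 3, the administrative account.
# The x-csrf-token value is the csrf_token returned by GET /api/config for the same
# express.sid, so the CSRF token and the session cookie belong together.
curl --request POST \
  --url http://localhost:4567/api/v3/users/3/tokens \
  --header 'x-csrf-token: vtVKfNxM-MmApXIW16ROi22mizlKf6QNyL-4' \
  --cookie 'express.sid=s%253AdWjgq6Xe5i388H4VEXhIzyr4um9uVeZB.bvy78e9PYmjNx%252FEmvR07DdjPD8UWvCDC7CyRiNSvI%252FQ'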
RESPONSE OK
{ "status": { "code": "ok", "message": "OK" }, "response": { "token": "ac9bfc1e-e31d-4779-b900-71e3c15f5fac", "uid": 3, "description": "", "timestamp": 1681300461177 } }
NEW REGISTERED USER "Soldatino"
REQUEST LOGIN
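# Log in to the NodeBB write API as the newly registered, non-administrative user "Soldatino".
# "omissis" presumably stands in for the real password.
# One option per line, each ending in a backslash, so that curl receives clean arguments.
curl --request POST \
  --url http://localhost:4567/api/v3/utilities/login \
  --header 'Content-Type: application/json' \
  --cookie 'express.sid=s%253ATiY7RPVN5jBsBLpjCcf28kW_jh4-3R6P.eOp1l18tfazAfL2QvgpD%252BU9zoDv08X9KfJo4rE88O38' \
  --data '{ "username": "Soldatino", "password": "omissis" }'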
RESPONSE OK
{ "status": { "code": "ok", "message": "OK" }, "response": { "uid": 65, "username": "Soldatino", "userslug": "soldatino", "picture": null, "status": "offline", "postcount": 0, "reputation": 0, "email:confirmed": 1, "lastonline": 1681298877112, "flags": null, "banned": false, "banned:expire": 0, "joindate": 1679315311139, "fullname": null, "displayname": "Soldatino", "icon:text": "S", "icon:bgColor": "#673ab7", "joindateISO": "2023-03-20T12:28:31.139Z", "lastonlineISO": "2023-04-12T11:27:57.112Z", "banned_until": 0, "banned_until_readable": "Not Banned" } }
REQUEST CONFIG
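# Read the forum configuration for Soldatino's session to obtain its csrf_token.
# The reply below reports "loggedIn": true and "uid": 65, so the session cookie is
# accepted as an authenticated session for that user.
curl --request GET \
  --url http://localhost:4567/api/config \
  --cookie 'express.sid=s%253ATiY7RPVN5jBsBLpjCcf28kW_jh4-3R6P.eOp1l18tfazAfL2QvgpD%252BU9zoDv08X9KfJo4rE88O38'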
RESPONSE OK
{ "relative_path": "", "upload_url": "/assets/uploads", "asset_base_url": "/assets", "assetBaseUrl": "/assets", "siteTitle": "HyperCuTe", "browserTitle": "HyperCuTe", "titleLayout": "{pageTitle} | {browserTitle}", "showSiteTitle": true, "maintenanceMode": false, "minimumTitleLength": 3, "maximumTitleLength": 255, "minimumPostLength": 8, "maximumPostLength": 32767, "minimumTagsPerTopic": 0, "maximumTagsPerTopic": 5, "minimumTagLength": 3, "maximumTagLength": 15, "undoTimeout": 10000, "useOutgoingLinksPage": false, "allowGuestHandles": false, "allowTopicsThumbnail": true, "usePagination": true, "disableChat": false, "disableChatMessageEditing": false, "maximumChatMessageLength": 3000, "socketioTransports": [ "polling", "websocket" ], "socketioOrigins": "http://localhost:4567:*", "websocketAddress": "", "maxReconnectionAttempts": 5, "reconnectionDelay": 1500, "topicsPerPage": 20, "postsPerPage": 20, "maximumFileSize": 20480, "theme:id": "nodebb-theme-vanilla", "theme:src": "https://cdn.jsdelivr.net/npm/[email protected]/spacelab/bootstrap.min.css", "defaultLang": "it", "userLang": "it", "loggedIn": true, "uid": 65, "cache-buster": "v=88rphh6u1aq", "topicPostSort": "oldest_to_newest", "categoryTopicSort": "newest_to_oldest", "csrf_token": "p3Yq9OQ7-O1EpqDzJkX1TvWuJ1JzBvuAydpU", "searchEnabled": true, "searchDefaultInQuick": "titles", "bootswatchSkin": "", "enablePostHistory": true, "timeagoCutoff": 30, "timeagoCodes": [ "af", "am", "ar", "az-short", "az", "be", "bg", "bs", "ca", "cs", "cy", "da", "de-short", "de", "dv", "el", "en-short", "en", "es-short", "es", "et", "eu", "fa-short", "fa", "fi", "fr-short", "fr", "gl", "he", "hr", "hu", "hy", "id", "is", "it-short", "it", "ja", "jv", "ko", "ky", "lt", "lv", "mk", "nl", "no", "pl", "pt-br-short", "pt-br", "pt-short", "pt", "ro", "rs", "ru", "rw", "si", "sk", "sl", "sq", "sr", "sv", "th", "tr-short", "tr", "uk", "ur", "uz", "vi", "zh-CN", "zh-TW" ], "cookies": { "enabled": false, "message": "This website uses cookies to 
ensure you get the best experience on our website.", "dismiss": "Got it!", "link": "Learn More", "link_url": "https://www.cookiesandyou.com" }, "thumbs": { "size": 512 }, "iconBackgrounds": [ "#f44336", "#e91e63", "#9c27b0", "#673ab7", "#3f51b5", "#2196f3", "#009688", "#1b5e20", "#33691e", "#827717", "#e65100", "#ff5722", "#795548", "#607d8b" ], "emailPrompt": 1, "useragent": { "isYaBrowser": false, "isAuthoritative": false, "isMobile": false, "isMobileNative": false, "isTablet": false, "isiPad": false, "isiPod": false, "isiPhone": false, "isiPhoneNative": false, "isAndroid": false, "isAndroidNative": false, "isBlackberry": false, "isOpera": false, "isIE": false, "isEdge": false, "isIECompatibilityMode": false, "isSafari": false, "isFirefox": false, "isWebkit": false, "isChrome": false, "isKonqueror": false, "isOmniWeb": false, "isSeaMonkey": false, "isFlock": false, "isAmaya": false, "isPhantomJS": false, "isEpiphany": false, "isDesktop": false, "isWindows": false, "isLinux": false, "isLinux64": false, "isMac": false, "isChromeOS": false, "isBada": false, "isSamsung": false, "isRaspberry": false, "isBot": false, "isCurl": false, "isAndroidTablet": false, "isWinJs": false, "isKindleFire": false, "isSilk": false, "isCaptive": false, "isSmartTV": false, "isUC": false, "isFacebook": false, "isAlamoFire": false, "isElectron": false, "silkAccelerated": false, "browser": "insomnia", "version": "2022.7.5", "os": "unknown", "platform": "unknown", "geoIp": {}, "source": "insomnia/2022.7.5", "isWechat": false }, "acpLang": "it", "openOutgoingLinksInNewTab": false, "topicSearchEnabled": false, "composer-default": {}, "markdown": { "highlight": 1, "highlightLinesLanguageList": [], "theme": "default.css", "defaultHighlightLanguage": "" }, "emojiCustomFirst": false }
REQUEST TOKEN
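# Ask for an API token for uid 65 (Soldatino), with the csrf_token from that session's
# /api/config reply and the same express.sid.
# The reply is "forbidden" with "You do not have enough privileges for this action.",
# although the same steps succeed for uid 3. The message describes an authorization
# decision, not a rejected session or CSRF token.
# NOTE(review): token creation through this route appears to be limited to
# administrators; confirm in src/controllers/write/users.js.
curl --request POST \
  --url http://localhost:4567/api/v3/users/65/tokens \
  --header 'x-csrf-token: p3Yq9OQ7-O1EpqDzJkX1TvWuJ1JzBvuAydpU' \
  --cookie 'express.sid=s%253ATiY7RPVN5jBsBLpjCcf28kW_jh4-3R6P.eOp1l18tfazAfL2QvgpD%252BU9zoDv08X9KfJo4rE88O38'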
RESPONSE NOK
{ "status": { "code": "forbidden", "message": "You do not have enough privileges for this action." }, "response": {} }
-
Thank you for the time you have dedicated to me.
Now I do some tests,
I try to do it. -
sorry for my confusion.
-
I do not know what you mean.
I call only /api/v3 -
When I call /api/config, I just get this below:
"csrf_token": "5QqLa7mm-JTOaABefScoyGw6n3jrmsYSrHno",
Do you need to convert it to hexadecimal?
-
How do you make the csrf_token?
"csrf_token=ab57cdb4f7134f3ea54ba1d8601458d3695d6bc856fc26a377503f44f83ce6591d83ddff1a029faa5f7df869e9495e125b90c60fa67cdd6a8c0968a3447eda9c"
-
Can anyone send me a complete example of how to use the "csrf token" received by calling the /api/config endpoint?
-
Hi, I'm developing a mobile app and I also have to add a specific feature which, inside an iframe, must open a specific "Discussion Forum", created on Node installed on our Unix machine, with the user already logged in.
To do this I first called the "http://localhost:4567/api/v3/utilities/login" API to log in, but when I then open the iframe to view the discussion forum, I am not logged in.
Does anyone have an example showing how this can be done?
-
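# Three requests that were pasted without separators or line continuations; each option
# now ends in a backslash so the shell passes one complete command to curl.
# NOTE(review): the cookie value looks percent-encoded twice ("%253A" decodes to "%3A");
# if these commands are run as written, check that the server still recognises the session.

# Step 1: log in as "Soldatino" through the write API.
curl --request POST \
  --url http://localhost:4567/api/v3/utilities/login \
  --header 'Content-Type: application/json' \
  --cookie 'express.sid=s%253A0CeC6fT33naRGdLKqGWJfiRgeMSF0RNf.fRo8vw8Na0coWmVsqoLHJVpNoN%252FMRsh%252FGB%252F7eTYIEdE' \
  --data '{
"username": "Soldatino",
"password": "s3cre7password"
}'

# Step 2: read the configuration for this session to obtain its csrf_token.
curl --request GET \
  --url http://localhost:4567/api/config \
  --cookie 'express.sid=s%253A0CeC6fT33naRGdLKqGWJfiRgeMSF0RNf.fRo8vw8Na0coWmVsqoLHJVpNoN%252FMRsh%252FGB%252F7eTYIEdE'

# Step 3: ask for an API token for uid 65, sending the CSRF token in X-Csrf-Token.
# Elsewhere on this page the same request for uid 65 is answered with
# "You do not have enough privileges for this action.", which is an authorization
# result and does not depend on the CSRF token value.
curl --request POST \
  --url http://localhost:4567/api/v3/users/65/tokens \
  --header 'Content-Type: application/json' \
  --header 'X-Csrf-Token: 6shtSbjj-tgQ9z509Qd6vhVuzS7nd9GwMVbE' \
  --cookie 'express.sid=s%253A0CeC6fT33naRGdLKqGWJfiRgeMSF0RNf.fRo8vw8Na0coWmVsqoLHJVpNoN%252FMRsh%252FGB%252F7eTYIEdE'

# Poster's remark: When I pass the x-csrf-token obtained with GET /config the result is always the same.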
"Forbidden"
-
HELLO, PLEASE, AN EXAMPLE OF A CALL USING THE CSRF-TOKEN?
I AM USING THIS CALL, IT RETURNS "forbidden"
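# Ask for an API token for uid 65 using a session cookie plus the x-csrf-token header.
# Each option ends in a backslash so the shell passes one complete command to curl.
# NOTE(review): the poster reports "forbidden". Check the "message" field of the reply:
# a privilege message means the session and CSRF token were accepted and the account
# itself is not allowed to create tokens.
curl --request POST \
  --url http://localhost:4567/api/v3/users/65/tokens \
  --header 'Content-Type: application/json' \
  --header 'x-csrf-token: 6OJjuvJ1-JQCwOfC3g30g5NuSF6X1zlOXsQU' \
  --cookie 'express.sid=s%253A4KkbwVyP_B7NWhdU3oE3LkLWtC6jsIxQ.Lgiri8aeYIVk5tIgk7uuN%252BTqvO3Cp9zLHUts2LtvU2E'

# Poster's question: what am I doing wrong?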
-
Thank you so much for the time you gave me.
But I don't understand why the creation of the user token for each user from the master token doesn't work.
Where am I going wrong?
<?php
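// Ask the NodeBB write API to create an API token for uid 65, authenticating with a
// master token.
//
// NOTE(review): a master token is not tied to one user; the request is carried out as
// the user named in `_uid`. With `_uid` set to 65 the call presumably runs with that
// user's privileges, which would explain a "forbidden" reply when uid 65 is not an
// administrator. Confirm against the NodeBB write API documentation.

// The master token is read from the environment instead of being written into the
// script. NODEBB_MASTER_TOKEN is a variable name constructed for this example. A token
// that has been pasted into a public post should be revoked and reissued.
$masterToken = getenv('NODEBB_MASTER_TOKEN');
if ($masterToken === false || $masterToken === '') {
    echo "NODEBB_MASTER_TOKEN is not set";
    exit(1);
}

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "http://localhost:4567/api/v3/users/65/tokens",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    // json_encode() builds the body; the hand-written string had unescaped inner
    // double quotes, which is a PHP parse error.
    CURLOPT_POSTFIELDS => json_encode(["_uid" => 65]),
    // NOTE(review): a session cookie and a bearer token are both sent. Sending only one
    // credential makes it unambiguous which identity the server applies.
    CURLOPT_COOKIE => "express.sid=s%253A4LJ4VwxZXxtNg9qGh8yoq-OphkRQrcs3.M6EW%252FB%252BiwxTcwTo0atCsqvcFugMR%252B8H7v1iFSIFBIzM",
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer " . $masterToken, // MASTER TOKEN
        "Content-Type: application/json",
    ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);
// The status code must be read before the handle is closed.
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);

if ($err) {
    // Transport-level failure (connection refused, timeout, ...).
    echo "cURL Error #:" . $err;
} elseif ($status >= 400) {
    // The API answered with an error; show the status next to the JSON body so an
    // authorization failure is not mistaken for a successful call.
    echo "HTTP " . $status . ": " . $response;
} else {
    echo $response;
}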
<your-token-here> how do I get the token?
Are you referring to the /admin/settings/api page?
If so, I cannot adopt that solution.
I need to authenticate with a login and password and then open another page where I am already authenticated. I was thinking about the API
POST
http://localhost:4567/api/v3/utilities/login
{
"username": "user",
"password": "password"
}
and then redirect the page to a specific category.
-
That's right, it would be useful to know how to develop code making REST API calls in PHP, specific to authentication and iframe control passing.
-
Hello, I have installed NodeBB and updated it to release v.2.8.10 on Ubuntu 20.04.5 LTS.
I want to start integrating this fantastic product and need examples of using the REST API from PHP.
I consulted the reference documentation at https://docs.nodebb.org/api/ but didn't find any examples.
Can you help me?