[bd] API 1.6.3

[xfrocks]

@xfrocks
Many thanks for time dedicated on this example.
To be honest, me too, as @Davey-UK, finding it not very intuitive.
Everytime i'm filling the fields, i'm receiving some "?error=redirect_uri_mismatch" or just bunch of text on backend.

UPD:
Meanwhile found more detailed description of the process here: https://github.com/xfrocks/bdApi/blob/master/docs/api.markdown (about oauth2-2015030602 and whole the process). Will try to upgrade plugin again and test using info from here. Thanks!

I see your pain. It is being addressed and should make the process easier in the next release.

 

[Davey-UK]

The one thing i dont really get, is why is the option for api settings in every users control panel settings? I just basically want to use it to call up functions to display login etc, that i setup as an admin.
Looking forward to the next release.
I remember the api for VBulletin a number of years ago, where we added a file or files, then basically included an include in the page we wanted it to display, something like #include_login_form or something like.
Am i getting this api totally wrong in what it does?

 

[xfrocks]

The one thing i dont really get, is why is the option for api settings in every users control panel settings? I just basically want to use it to call up functions to display login etc, that i setup as an admin.
Looking forward to the next release.
I remember the api for VBulletin a number of years ago, where we added a file or files, then basically included an include in the page we wanted it to display, something like #include_login_form or something like.
Am i getting this api totally wrong in what it does?

Well, the old design only works if your other website happens to run on the same server. This add-on is designed to work even if your site is running on a different server. Much more flexible (so a bit more complicated).

The settings page in UCP is for user to manage which API client has access to which part of their account. You will find something similar if you use Facebook and visit their application management page.

 

[lol768]

In your demo, the API appears to support the resource manager. I'm working with some friends on a site which uses the resource manager, however there does not appear to be a controller in the ControllerApi directory that would support the functionality shown in your demo. Does this come from a newer version or a separate add-on?

 

[xfrocks]

In your demo, the API appears to support the resource manager. I'm working with some friends on a site which uses the resource manager, however there does not appear to be a controller in the ControllerApi directory that would support the functionality shown in your demo. Does this come from a newer version or a separate add-on?

Yeah, it is another add-on which provide API support for Resource Manager.

 

[lol768]

Yeah, it is another add-on which provide API support for Resource Manager.

Is this released?

 

[xfrocks]

Is this released?

It is not officially released since it's still under heavy development. But you can get the latest version here https://github.com/xfrocks/bdApiResource

 

[lol768]

@xfrocks

Not sure if you're familiar with GitHub's API system, but it has a concept of 'personal access tokens' which users can generate themselves for interacting with the API:


This would be a really cool addition if possible.

 

[xfrocks]

@xfrocks

Not sure if you're familiar with GitHub's API system, but it has a concept of 'personal access tokens' which users can generate themselves for interacting with the API:
View attachment 104010

This would be a really cool addition if possible.

Good idea.

 

[Warchamp7]

I'm getting a route not found error for all of the end points :X

bd API Consumer is working fine for me though

 

[xfrocks]

I'm getting a route not found error for all of the end points :X

bd API Consumer is working fine for me though

Looks like your site is using friendly SEO but you haven't configured .htaccess (or similar) for the api directory. [bd] API Consumer still works because it always use the "ugly" urls like api/index.php?oauth/token instead of api/oauth/token

 

[Warchamp7]

Looks like your site is using friendly SEO but you haven't configured .htaccess (or similar) for the api directory. [bd] API Consumer still works because it always use the "ugly" urls like api/index.php?oauth/token instead of api/oauth/token

Hmm, I'm running nginx. Would I just set a new location block for the api folder?

Edit: Did it with a rewrite

rewrite ^/api/(.*)$ /api/index.php?$1 break;

 

[xfrocks]

Hmm, I'm running nginx. Would I just set a new location block for the api folder?

Yes, if you want to use friendly url for the api urls then configure the block so it's similar to XenForo root. Next version of the API won't even generate friendly urls though.

 

[Abracadaniel]

@xfrocks
Many thanks for api-php-demo revamp. It's became very transparent and user-friendly now.
An excellent way to understand the mechanism.

 

[Abracadaniel]

Be warned, as this is the reason why [bd] Api is not currently supporting auth token in the header:
https://github.com/xfrocks/bdApi/pull/1

 

[Abracadaniel]

Is it possible to limit User Groups that could be authorized by API?

 

[xfrocks]

Is it possible to limit User Groups that could be authorized by API?

You can limit which user groups can create API client but not authorized via api. I think I can add a permission for that.

 

[Abracadaniel]

You can limit which user groups can create API client but not authorized via api. I think I can add a permission for that.

That would be convenient.
Want to prevent OAuth2 authorization for non-approved and banned accounts.

 

[xfrocks]

That would be convenient.
Want to prevent OAuth2 authorization for non-approved and banned accounts.

Well, you don't need to worry about banned users. Tokens that are granted for them won't work anyway.

 

[Abracadaniel]

Well, you don't need to worry about banned users. Tokens that are granted for them won't work anyway.

It's not possible to grant them in the first place if they are banned/not activated?
If so, this is wonderful