[bd] API

[bd] API 1.6.3

No permission to download
I'm struggling on how to make use of the one time token? Passing it as oauth_token in body/params/etc just results in invalid_token error. I'm still using Xf1 and bdapi v1.6.1.

Is it for example, possible to make a post using the one time token?
 
Last edited:
I'm struggling on how to make use of the one time token? Passing it as oauth_token in body/params/etc just results in invalid_token error. I'm still using Xf1 and bdapi v1.6.1.

Is it for example, possible to make a post using the one time token?
Yes, OTT acts just like normal token. If it said invalid, maybe your token was not generated correctly?
 
Yes, OTT acts just like normal token. If it said invalid, maybe your token was not generated correctly?
Hmm, token is definitely being generated properly, including the commas within the string i.e.

PHP:
$userId = 111;
$accessToken = "0150e4c39c88886db99cb3afeb481051b146feeb";
$clientId = "a5e3ba582f804687abceca11207b15e1";
$clientSecret = "clientsecretstring";
$ttl = 4000;
   $timestamp = time() + $ttl;
$once = md5($userId . $timestamp . $accessToken . $clientSecret);

$ott = sprintf('%d,%d,%s,%s', $userId, $timestamp, $once, $clientId);

Then sending a GET request to /api/forums with parameters oauth_token=111,1561295269,E1B2DB415FF8CD977D23FB43E5872B0A,a5e3ba582f804687abceca11207b15e1&forum_id=3 .

But receiving invalid token. Using the raw $accessToken works fine. Any other suggestions I can look into?
 
Hmm, token is definitely being generated properly, including the commas within the string i.e.

PHP:
$userId = 111;
$accessToken = "0150e4c39c88886db99cb3afeb481051b146feeb";
$clientId = "a5e3ba582f804687abceca11207b15e1";
$clientSecret = "clientsecretstring";
$ttl = 4000;
   $timestamp = time() + $ttl;
$once = md5($userId . $timestamp . $accessToken . $clientSecret);

$ott = sprintf('%d,%d,%s,%s', $userId, $timestamp, $once, $clientId);

Then sending a GET request to /api/forums with parameters oauth_token=111,1561295269,E1B2DB415FF8CD977D23FB43E5872B0A,a5e3ba582f804687abceca11207b15e1&forum_id=3 .

But receiving invalid token. Using the raw $accessToken works fine. Any other suggestions I can look into?
Your md5 is in upper case? That's weird, try converting to lower. Also, are you sure the client id is correct? The ID generated by this add-on (XF1 version) is way shorter than that.
 
Your md5 is in upper case? That's weird, try converting to lower. Also, are you sure the client id is correct? The ID generated by this add-on (XF1 version) is way shorter than that.
Ah apologies, I'm performing the equivalent steps in C# hence the capitalisation. I generated the client IDs and secrets myself.

But I have run the exact same code as per your docs in PHP to ensure the OTT being produced is the same, which it is, but still running into this error.

Not at home at the moment so will have another good look later but quite sure that client ID is correct.

Could the Id length be causing an issue?
 
As long as it is the correct id in the database, any length should be okie.
Ok I think I just figured it out. Think the break did me good. Believe I was passing the wrong user Id (pulling the id from the local DB instead of the forum ID). Just about to test it, will report back shortly :)
 
Ok, it's working in PHP so technically you were correct about the token not begin generated properly. The second issue I think I have from the .NET app is the Md5 function but that shouldn't take long to sort. Thanks for your help :)

Sorted: Seems the check comparing provided one time token is case sensitive for the md5 hash!

Totally different question: In the docs it mentions being able to use AES128 encryption to encrypt the client_secret when it is being sent instead of sending the client_secret raw. Is this correct?
 
Last edited:
Totally different question: In the docs it mentions being able to use AES128 encryption to encrypt the client_secret when it is being sent instead of sending the client_secret raw. Is this correct?

That applies for password only. e.g. for request that needs password (login or change password), you can encrypt the password instead of sending it in plain text. But these day you should use https anyway so this kind of protection is not as important.
 
Hi folks,

Can anyone point me to documentation for [bd]API 2.1, which I can't seem to find? I can install the add on (and the WP consumer plugin too), see the add-on and can set the options, but where do I create the clients and keys/secrets so I can connect to WP?

Thank you!
 
Thank you for prompt reply. It helped, created client and all required API modules have been found in WP. However, connecting an Admin account returns 401 header and an XF page ‘invalid client’. Could be because I haven’t updated the WP XenForo API Consumer (current version 1.3.0b), will do that and see if it solves the problem. Thanks!
 
in this api https://xenforo.com/community/threads/xenapi-xenforo-php-rest-api.34270
have: authenticate, getUser, getuserupgrade e edituser_custom_fields

with these bd-api, what are they equivalent to?

This add-on supports OAuth2 for authorization. There are a few different working modes, the simplest one let you use username/password combination. For other methods:

 
Thanks, getuserupgrade is very important for forums that have paid registration systems. do you think to introduce it?
The user group system in XF is pretty unique so it doesn't make sense to expose to external system. In our experience, if you want to sync paid user status, it's simpler to sync user groups (normally user group adds user into special group). This add-on also include websub support so it's pretty efficient.
 
Just wondering, can you confirm whether BD API is fully compatible with XF2 yet? It's not possible for me to update to XF2 until I know this works properly, as I use this amazing add-on to tie a couple of websites together.
 
Just wondering, can you confirm whether BD API is fully compatible with XF2 yet? It's not possible for me to update to XF2 until I know this works properly, as I use this amazing add-on to tie a couple of websites together.

The new version works well with XF2 but it doesn't have 100% features of the XF1 version yet. However the missing features are mostly minor / rarely used ones
 
Top Bottom