Fixed Certain fields missing from User response in /auth API request

[x3sphere]

Affected version

2.1

Not sure if this is considered a bug, but I was using the new API in XF 2.1 and the User response I get from the /auth endpoint is slightly different from that of /users. Note that I'm also passing an admin user ID in the XF-Api-User header. Is that intended?

Certain fields I would expect from the User response in /auth, like use_tfa, are missing. Yet it is present when using /users/{id} or /me

use_tfa is also listed as a column for User data type here: https://xenforo.com/community/pages/api-endpoints/#type_User

So I guess I expected it to be returned from /auth as well, with the proper permissions anyway.

 

[Mike]

This is changed in 2.1.1.

Overall, it follows from more consistent logic for "verbose" vs "normal" API records. As a rule of thumb, if the endpoint returns a single "primary" result, this will always be the verbose version. For the vast majority of types, there is either no or very little difference; users are a bit of a special case because they are potentially very extensive, very commonly returned, and also have significant limits on who can see what data.

In this case, we weren't returning a verbose record from the auth/ endpoint, which differed from me/ or users/{id}. Though less significant, there are other endpoints which were similar, so I've now gone through the code to follow the rule above consistently.

In order to try to make some of these distinctions clearer, I've made some changes to the user type docs: https://xenforo.com/community/pages/api-endpoints/#type_User Notably, there is now an indication when elements may not be present based on permissions or what parts may only be present depending on a permission check of some sort.

 

[GreenZone]

How do you enable verbose mode via the API call ?

 

[Liam W]

How do you enable verbose mode via the API call ?

It isn't actually a mode configured in an API call, the verbosity is an option given to the Entity system to determine which fields are returned. It's controlled by each individual API controller.

 

[GreenZone]

I'm currently creating a Google Apps Script (and Google Sheet) that hooks into Xenforo in order to do some admin style reporting.
@Liam W , are you saying that it's not possible to pull the email address field for all users using a Javascript API call to the users endpoint?

 

[Liam W]

I'm currently creating a Google Apps Script (and Google Sheet) that hooks into Xenforo in order to do some admin style reporting.
@Liam W , are you saying that it's not possible to pull the email address field for all users using a Javascript API call to the users endpoint?

That's correct. You'd have to request the full user record with /users/{id}.

Though I would argue that email should be sent for normal verbosity, personally. Maybe post a suggestion?

 

[GreenZone]

So I have to make hundreds of API calls in order to be able to get the list of email addresses.
That sucks.