XF 2.1 REST API

Welcome to another HYS for 2.1 and this one's a biggie. If you haven't seen the previous entries about what's coming in XF 2.1, check them out here.

Although Halloween may be over, why not trick the "Watch forum" link into giving you a treat, by getting it to send you an email whenever we post about new things in the pipeline.

As I write this, our most popular suggestion was a REST API and with 2.1, it's here. While this is a fairly developer-focused feature on its own, it opens up many more integration options. This will make it easier to get data into or out of XenForo, without having to understand the underlying PHP framework that XF is built on.

The API breaks down into a few distinct components, so let's look at those in turn.
 
Currently planning migration to XF2 and researching the updates I need, and site integration is a critical issue for me. I was excited when I saw this API was coming but soon realized it won't be useful as a site integration. I currently use a code snippet to hook into the XenForo session handler so I can retrieve logged-in user info, which also gives me access to the class structure and everything I need. I'd really love to utilize an API instead; however, having an API key for every user isn't viable and I don't know the API key for a user prior to knowing who the user is!

Still it's a great feature for external sites hooking into a forum.

I'll be learning the new framework and attempting to rewrite the code snippet.
 
Can someone advise if this REST API would allow for example this type of solution:

A site uses XF for forums, Gallery and Downloads and you also have another forum software solution that has Clubs, Blogs, Classifieds etc, you can turn the forums off on the other software and just use those extras and have them made to operate as if they are a part of the XF site?
 
Can someone advise if this REST API would allow for example this type of solution:

A site uses XF for forums, Gallery and Downloads and you also have another forum software solution that has Clubs, Blogs, Classifieds etc, you can turn the forums off on the other software and just use those extras and have them made to operate as if they are a part of the XF site?
OMG The Frankenstein forum!
 
Can someone advise if this REST API would allow for example this type of solution:

A site uses XF for forums, Gallery and Downloads and you also have another forum software solution that has Clubs, Blogs, Classifieds etc, you can turn the forums off on the other software and just use those extras and have them made to operate as if they are a part of the XF site?
You need a fairly sophisticated pair of custom add-ons for that, not a REST API.
 
Question, will there be any 'rate limiting' options for API access? Any abuse detection/prevention? I can see malicious people trying to bring down the server by pounding the API with queries.
 
There aren't any rate limiting options. (There aren't any rate limiting options on the web interface either.)

Note that you need an API key to even get access to the API and those can only be generated by an admin (at this time).
 
Most APIs have rate limiting, so to pull from an external API to the XF API we would need to add some rate limiting controls somehow.
 
Most APIs have rate limiting, so to pull from an external API to the XF API we would need to add some rate limiting controls somehow.
I believe Mike’s point is that given how you have to manually create API keys, it’s expected that you (the admin) control both the site and the code that makes use of this API key, and can therefore rate limit yourself.

That being said, I don’t disagree with you - having a rate limit would be useful. Considering I plan to make a truly public facing API for eCommerce to be used with the Install & Upgrade feature, rate limiting would be a good idea.

Time to dig through my old ZF3 rate limiting repo and see what I can salvage :p

If I get it working I’ll post something up in the development tutorials forum.


Fillip
 
For security reasons you can always set rate limits on the web server. nginx has some great rate limiting options - https://www.nginx.com/blog/rate-limiting-nginx/ Unless you need to provide extended stats to the client or charge for each request, I don't think it's necessary to have it programmed in XenForo...
Well I mean to be fair not everyone runs Nginx or knows how to configure it properly, so having it in the software wouldn’t be the worst idea in the world :)


Fillip
 
Most APIs have rate limiting, so to pull from an external API to the XF API we would need to add some rate limiting controls somehow.

Rate limiting is definitely important if you plan on making the API public (which as others have mentioned requires additional development currently since there isn’t even a way for non admins to generate keys). I’m not sure what you mean by “pull from an external API to the XF API” though, could you elaborate on your use case?

For security reasons you can always set rate limits on the web server. nginx has some great rate limiting options - https://www.nginx.com/blog/rate-limiting-nginx/ Unless you need to provide extended stats to the client or charge for each request, I don't think it's necessary to have it programmed in XenForo...

Something like that would only work if you didn’t want to (easily) have different keys with differing limits
 
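Added example, not part of any post in this thread: one way to give different API keys different limits at the web server, the case raised in the exchange above. It assumes the key arrives in the `XF-Api-Key` request header and that the API is served under `/api/`; the zone names, rates and the placeholder key are constructed for illustration.

```nginx
# Goes in the http {} context. All names and rates are constructed examples.

# Identify the caller: the API key if one was sent, otherwise the client
# address, so requests without a key are still counted.
map $http_xf_api_key $xf_client_id {
    ""      $binary_remote_addr;
    default $http_xf_api_key;
}

# Assign a tier per key. The key value below is a placeholder.
map $http_xf_api_key $xf_tier {
    default                      standard;
    "REPLACE_WITH_BULK_API_KEY"  bulk;
}

# limit_req does not account requests whose zone key is empty, so each
# request is counted in exactly one of the two zones below.
map $xf_tier $xf_standard_key {
    default  "";
    standard $xf_client_id;
}
map $xf_tier $xf_bulk_key {
    default  "";
    bulk     $xf_client_id;
}

limit_req_zone $xf_standard_key zone=xf_api_standard:10m rate=2r/s;
limit_req_zone $xf_bulk_key     zone=xf_api_bulk:10m     rate=20r/s;

server {
    # ... existing listen / server_name / root directives ...

    location /api/ {
        limit_req zone=xf_api_standard burst=10 nodelay;
        limit_req zone=xf_api_bulk     burst=40 nodelay;
        limit_req_status 429;   # nginx answers 503 by default

        # ... existing handling that passes the request to XenForo ...
    }
}
```

Every key that needs its own tier has to be listed in the configuration, so the file holds secrets and should be readable only by the nginx user and administrators. Check the syntax with `nginx -t` before reloading.
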
I’m not sure what you mean by “pull from an external API to the XF API” though, could you elaborate on your use case?
If you connect an external API from a service or other website and use that external API to fetch their data and POST that to XF by using the XF API. For example, use the YouTube API to automatically add media to the XFMG.
The rate limiting is important in such a use case because without it, you risk going over the limits of the external API and getting blocked.
 
Still not really sure I follow. If you're pulling videos from YouTube you'd just use the YouTube API through some plugin in XenForo; you can't have YouTube push data to XenForo. This process doesn't seem like it'd involve XenForo's API at all, and even if it did, XenForo not having a rate limit wouldn't have anything to do with that process -- you'd still need to make sure you're taking YouTube's rate limit into account when querying their API.
 
I will send you my intended use case (not YouTube) by convo as it would get very specific and we would stray way off topic.
 
2. I really, really need a mobile app solution (83% of users on smartphones, fast operation, easy image uploads and notifications are requested all the time). ATM I'm still using BYO Tapatalk on XF 1.5 and I hate it. What scares me the most is using any kind of a bridging software with this kind of permissions. But if the API is/will be comprehensible, it would be fairly easy to build a mobile application WITHOUT any kind of bridging software (and related upgrades/core compatibility/add-on compatibility/security problems). What are your thoughts on this?

This is something I'm working on for a solution of my own, but without OAuth it won't be too useful. I mean individual keys can be generated and the users can then input the key as a "sign-in" on the application, but this requires extra steps and painful key generation or some sort of modification to generate keys automatically.
 