XF 2.1 REST API

azamat.g

Member
This API turns XenForo in "headless CMS" in fact, so in future we will see some fantastic features like Vue.JS on frontend with Xenforo in backend etc. :)
 

rellect

Well-known member
This API turns XenForo in "headless CMS" in fact, so in future we will see some fantastic features like Vue.JS on frontend with Xenforo in backend etc. :)
Well that's incorrect because there's no option to disable the default front-end, so you can't run it in "headless" mode. Also, xenforo is not a cms.
 

LuckyRiver

Active member
Thank you for exposing REST API.

I was able authenticate myself and retrieve my profile via postman.

Took me a little bit longer since I was more familliar with Oauth 2.0 using password grant type and client id key. But it does the job.

My concern is the super user key which I have to figure out how to pass it from a client app like a spa one using JavaScript. One can see it using dev tools. Unless I only create one specific with reading only scope and to authenticate. Is it correct to do it that way?

I was looking to replace my custom authentication of the poker game and use REST api to authenticate player and retrieve his/her avatar and possibly add cash game earned to a point system in the future.

Nicely done!

Test on auth post, response below
Code:
{
    "success": true,
    "user": {
        "about": "",
        "activity_visible": true,
        "alert_optout": [],
        "allow_post_profile": "members",
        "allow_receive_news_feed": "everyone",
        "allow_send_personal_conversation": "members",
        "allow_view_identities": "everyone",
        "allow_view_profile": "everyone",
        "avatar_urls": {
            "o": null,
            "h": null,
            "l": null,
            "m": null,
            "s": null
        },
        "can_ban": false,
        "can_converse": false,
        "can_edit": false,
        "can_follow": false,
        "can_ignore": false,
        "can_post_profile": false,
        "can_view_profile": true,
        "can_view_profile_posts": true,
        "can_warn": false,
        "content_show_signature": true,
        "creation_watch_state": "watch_email",
        "custom_fields": {},
        "custom_title": "",
        "email": "test@xflocal.com",
        "email_on_conversation": true,
        "gravatar": "",
        "interaction_watch_state": "watch_email",
        "is_admin": true,
        "is_discouraged": false,
        "is_moderator": true,
        "is_staff": true,
        "is_super_admin": true,
        "last_activity": 1552436432,
        "location": "",
        "message_count": 0,
        "push_on_conversation": false,
        "push_optout": [],
        "reaction_score": 0,
        "receive_admin_email": false,
        "register_date": 1552436432,
        "secondary_group_ids": [
            3,
            4
        ],
        "show_dob_date": true,
        "show_dob_year": false,
        "signature": "",
        "timezone": "Europe/London",
        "trophy_points": 0,
        "usa_tfa": false,
        "user_group_id": 2,
        "user_id": 1,
        "user_state": "valid",
        "user_title": "Administrator",
        "username": "LuckyRiver",
        "visible": true,
        "website": ""
    }
}
Tested with me post, response below shows my avatar
Code:
{
    "me": {
        "about": "",
        "activity_visible": true,
        "alert_optout": [],
        "allow_post_profile": "members",
        "allow_receive_news_feed": "everyone",
        "allow_send_personal_conversation": "members",
        "allow_view_identities": "everyone",
        "allow_view_profile": "everyone",
        "avatar_urls": {
            "o": "http://localhost/community/data/avatars/o/0/1.jpg?1552439990",
            "h": "http://localhost/community/data/avatars/h/0/1.jpg?1552439990",
            "l": "http://localhost/community/data/avatars/l/0/1.jpg?1552439990",
            "m": "http://localhost/community/data/avatars/m/0/1.jpg?1552439990",
            "s": "http://localhost/community/data/avatars/s/0/1.jpg?1552439990"
        },
        "can_ban": false,
        "can_converse": false,
        "can_edit": true,
        "can_follow": false,
        "can_ignore": false,
        "can_post_profile": true,
        "can_view_profile": true,
        "can_view_profile_posts": true,
        "can_warn": false,
        "content_show_signature": true,
        "creation_watch_state": "watch_email",
        "custom_fields": {
            "skype": "",
            "facebook": "",
            "twitter": ""
        },
        "custom_title": "",
        "email": "test@xflocal.com",
        "email_on_conversation": true,
        "gravatar": "",
        "interaction_watch_state": "watch_email",
        "is_admin": true,
        "is_banned": false,
        "is_discouraged": false,
        "is_followed": false,
        "is_ignored": false,
        "is_moderator": true,
        "is_staff": true,
        "is_super_admin": true,
        "last_activity": 1552439995,
        "location": "",
        "message_count": 0,
        "push_on_conversation": false,
        "push_optout": [],
        "reaction_score": 0,
        "receive_admin_email": false,
        "register_date": 1552436432,
        "secondary_group_ids": [
            3,
            4
        ],
        "show_dob_date": true,
        "show_dob_year": false,
        "signature": "",
        "timezone": "Europe/London",
        "trophy_points": 0,
        "usa_tfa": false,
        "user_group_id": 2,
        "user_id": 1,
        "user_state": "valid",
        "user_title": "Administrator",
        "username": "LuckyRiver",
        "visible": true,
        "warning_points": 0,
        "website": ""
    }
}
 
Last edited:

Mave

Member
Quick question: in order to create a smartphone app: you would of course need a superuser key, right?
Otherwise only one person would be able to do something on the forum besides reading.
 

doublespaces

Well-known member
Quick question: in order to create a smartphone app: you would of course need a superuser key, right?
Otherwise only one person would be able to do something on the forum besides reading.
I had an addon made which allows you to create User keys for yourself as a regular user. Currently in the process of creating definable Scope Groups and then it will be released for free.
 

Mave

Member
I had an addon made which allows you to create User keys for yourself as a regular user. Currently in the process of creating definable Scope Groups and then it will be released for free.
Thank you for your answer. However: is there no way of doing this without using your addon?
 

doublespaces

Well-known member
Thank you for your answer. However: is there no way of doing this without using your addon?
Sure you could. But this addon allows a normal user with proper permissions the ability to create user keys without the need of an administrator. As the admin, you can specify exactly which API scopes a particular user group has access to by defining an API Scope Group and assigning it to a user group.
 

Mave

Member
Sure you could. But this addon allows a normal user with proper permissions the ability to create user keys without the need of an administrator. As the admin, you can specify exactly which API scopes a particular user group has access to by defining an API Scope Group and assigning it to a user group.
Thanks for your reply! Do you have an ETA for the addon?
 

doublespaces

Well-known member
Thanks for your reply! Do you have an ETA for the addon?
Have one other add-on my developer needs to finish first. Then these changes will occur. In the meantime you can just create your own keys while you do testing/developmemt of your project.
 

DragonByte Tech

Well-known member
Have one other add-on my developer needs to finish first. Then these changes will occur. In the meantime you can just create your own keys while you do testing/developmemt of your project.
Just a small suggestion; By default, the system generates an email to the administrators whenever an API key is edited or added. You may wish to suppress that, so here's the class extension I use in the eCommerce mod.
(I auto-generate API keys with very limited scopes in order to allow people to download their products via the [TH] Install & Upgrade addon.)

PHP:
<?php

namespace DBTech\eCommerce\XF\Entity;

use XF\Mvc\Entity\Structure;

/**
 * Class ApiKey
 * @package DBTech\eCommerce\XF\Entity
 */
class ApiKey extends XFCP_ApiKey
{
    /**
     * @return bool
     */
    public function hasNotifiableChanges()
    {
        return (
            parent::hasNotifiableChanges()
            && !$this->getOption('dbtech_ecommerce_is_automated')
        );
    }
    
    /**
     * @param Structure $structure
     *
     * @return Structure
     */
    public static function getStructure(Structure $structure)
    {
        $structure = parent::getStructure($structure);
        
        $structure->options['dbtech_ecommerce_is_automated'] = false;

        return $structure;
    }
}
Might be getting a little ahead of myself since your developer hasn't even started it yet, but hey :p
 

doublespaces

Well-known member
Just a small suggestion; By default, the system generates an email to the administrators whenever an API key is edited or added. You may wish to suppress that, so here's the class extension I use in the eCommerce mod.
(I auto-generate API keys with very limited scopes in order to allow people to download their products via the [TH] Install & Upgrade addon.)

PHP:
<?php

namespace DBTech\eCommerce\XF\Entity;

use XF\Mvc\Entity\Structure;

/**
* Class ApiKey
* @package DBTech\eCommerce\XF\Entity
*/
class ApiKey extends XFCP_ApiKey
{
    /**
     * @return bool
     */
    public function hasNotifiableChanges()
    {
        return (
            parent::hasNotifiableChanges()
            && !$this->getOption('dbtech_ecommerce_is_automated')
        );
    }
   
    /**
     * @param Structure $structure
     *
     * @return Structure
     */
    public static function getStructure(Structure $structure)
    {
        $structure = parent::getStructure($structure);
       
        $structure->options['dbtech_ecommerce_is_automated'] = false;

        return $structure;
    }
}
Might be getting a little ahead of myself since your developer hasn't even started it yet, but hey :p
Thanks. The addon is in my hands and usable as a normal user, the creation of the scope groups is still left to be completed. For my own purposes it is done, however I figured I'd go the last mile and make it useful to everyone.
 

Robust

Well-known member
@Chris D This is a bit of a long shot, but any plans to allow users to get user API access keys for this site (the XF forums)?

Would be nice to feed in conversations into a centralised support system, for example.
 

Jake B.

Well-known member
@Chris D This is a bit of a long shot, but any plans to allow users to get user API access keys for this site (the XF forums)?

Would be nice to feed in conversations into a centralised support system, for example.
I recall seeing a suggestion thread asking for something similar to automate deployments of updates to XF.com's resource manager. Don't know what ever came of that though
 

Brogan

XenForo moderator
Staff member
It's probably better to move discussion related to that to a more appropriate forum.

 

itfs1992

New member
This API turns XenForo in "headless CMS" in fact, so in future we will see some fantastic features like Vue.JS on frontend with Xenforo in backend.
 
Top