XF 2.1 REST API

Welcome to another HYS for 2.1 and this one's a biggie. If you haven't seen the previous entries about what's coming in XF 2.1, check them out here.

Although Halloween may be over, why not trick the "Watch forum" link into giving you a treat, by getting it send you an email whenever we post about new things in the pipeline.

As I write this, our most popular suggestion was a REST API and with 2.1, it's here. While this is a fairly developer-focused feature on its own, it opens up many more integration options. This will make it easier to get data into or out of XenForo, without having to understand the underlying PHP framework that XF is built on.

The API breaks down into a few distinct components, so let's look at those in turn.

 

[azamat.g]

This API turns XenForo in "headless CMS" in fact, so in future we will see some fantastic features like Vue.JS on frontend with Xenforo in backend etc.

 

[Artur1339]

This API turns XenForo in "headless CMS" in fact, so in future we will see some fantastic features like Vue.JS on frontend with Xenforo in backend etc.

Currently working on this. XF powers my NuxtJs Frontend.

 

[GPA-R]

The API is great. Are there any plans to add thread "move" functionality?

 

[xydrine]

Currently working on this. XF powers my NuxtJs Frontend.

I'd give a kidney for an alternative to Tapatalk (basically a native mobile application for forum browsing). Although the XenForo 2.x mobile site is absolutely fabulous.

 

[refael]

This API turns XenForo in "headless CMS" in fact, so in future we will see some fantastic features like Vue.JS on frontend with Xenforo in backend etc.

Well that's incorrect because there's no option to disable the default front-end, so you can't run it in "headless" mode. Also, xenforo is not a cms.

 

[LuckyRiver]

Thank you for exposing REST API.

I was able authenticate myself and retrieve my profile via postman.

Took me a little bit longer since I was more familliar with Oauth 2.0 using password grant type and client id key. But it does the job.

My concern is the super user key which I have to figure out how to pass it from a client app like a spa one using JavaScript. One can see it using dev tools. Unless I only create one specific with reading only scope and to authenticate. Is it correct to do it that way?

I was looking to replace my custom authentication of the poker game and use REST api to authenticate player and retrieve his/her avatar and possibly add cash game earned to a point system in the future.

Nicely done!

Test on auth post, response below

{
    "success": true,
    "user": {
        "about": "",
        "activity_visible": true,
        "alert_optout": [],
        "allow_post_profile": "members",
        "allow_receive_news_feed": "everyone",
        "allow_send_personal_conversation": "members",
        "allow_view_identities": "everyone",
        "allow_view_profile": "everyone",
        "avatar_urls": {
            "o": null,
            "h": null,
            "l": null,
            "m": null,
            "s": null
        },
        "can_ban": false,
        "can_converse": false,
        "can_edit": false,
        "can_follow": false,
        "can_ignore": false,
        "can_post_profile": false,
        "can_view_profile": true,
        "can_view_profile_posts": true,
        "can_warn": false,
        "content_show_signature": true,
        "creation_watch_state": "watch_email",
        "custom_fields": {},
        "custom_title": "",
        "email": "test@xflocal.com",
        "email_on_conversation": true,
        "gravatar": "",
        "interaction_watch_state": "watch_email",
        "is_admin": true,
        "is_discouraged": false,
        "is_moderator": true,
        "is_staff": true,
        "is_super_admin": true,
        "last_activity": 1552436432,
        "location": "",
        "message_count": 0,
        "push_on_conversation": false,
        "push_optout": [],
        "reaction_score": 0,
        "receive_admin_email": false,
        "register_date": 1552436432,
        "secondary_group_ids": [
            3,
            4
        ],
        "show_dob_date": true,
        "show_dob_year": false,
        "signature": "",
        "timezone": "Europe/London",
        "trophy_points": 0,
        "usa_tfa": false,
        "user_group_id": 2,
        "user_id": 1,
        "user_state": "valid",
        "user_title": "Administrator",
        "username": "LuckyRiver",
        "visible": true,
        "website": ""
    }
}

Tested with me post, response below shows my avatar

{
    "me": {
        "about": "",
        "activity_visible": true,
        "alert_optout": [],
        "allow_post_profile": "members",
        "allow_receive_news_feed": "everyone",
        "allow_send_personal_conversation": "members",
        "allow_view_identities": "everyone",
        "allow_view_profile": "everyone",
        "avatar_urls": {
            "o": "http://localhost/community/data/avatars/o/0/1.jpg?1552439990",
            "h": "http://localhost/community/data/avatars/h/0/1.jpg?1552439990",
            "l": "http://localhost/community/data/avatars/l/0/1.jpg?1552439990",
            "m": "http://localhost/community/data/avatars/m/0/1.jpg?1552439990",
            "s": "http://localhost/community/data/avatars/s/0/1.jpg?1552439990"
        },
        "can_ban": false,
        "can_converse": false,
        "can_edit": true,
        "can_follow": false,
        "can_ignore": false,
        "can_post_profile": true,
        "can_view_profile": true,
        "can_view_profile_posts": true,
        "can_warn": false,
        "content_show_signature": true,
        "creation_watch_state": "watch_email",
        "custom_fields": {
            "skype": "",
            "facebook": "",
            "twitter": ""
        },
        "custom_title": "",
        "email": "test@xflocal.com",
        "email_on_conversation": true,
        "gravatar": "",
        "interaction_watch_state": "watch_email",
        "is_admin": true,
        "is_banned": false,
        "is_discouraged": false,
        "is_followed": false,
        "is_ignored": false,
        "is_moderator": true,
        "is_staff": true,
        "is_super_admin": true,
        "last_activity": 1552439995,
        "location": "",
        "message_count": 0,
        "push_on_conversation": false,
        "push_optout": [],
        "reaction_score": 0,
        "receive_admin_email": false,
        "register_date": 1552436432,
        "secondary_group_ids": [
            3,
            4
        ],
        "show_dob_date": true,
        "show_dob_year": false,
        "signature": "",
        "timezone": "Europe/London",
        "trophy_points": 0,
        "usa_tfa": false,
        "user_group_id": 2,
        "user_id": 1,
        "user_state": "valid",
        "user_title": "Administrator",
        "username": "LuckyRiver",
        "visible": true,
        "warning_points": 0,
        "website": ""
    }
}

 

[Mave]

Quick question: in order to create a smartphone app: you would of course need a superuser key, right?
Otherwise only one person would be able to do something on the forum besides reading.

 

[doublespaces]

Quick question: in order to create a smartphone app: you would of course need a superuser key, right?
Otherwise only one person would be able to do something on the forum besides reading.

I had an addon made which allows you to create User keys for yourself as a regular user. Currently in the process of creating definable Scope Groups and then it will be released for free.

 

[Mave]

I had an addon made which allows you to create User keys for yourself as a regular user. Currently in the process of creating definable Scope Groups and then it will be released for free.

Thank you for your answer. However: is there no way of doing this without using your addon?

 

[doublespaces]

Thank you for your answer. However: is there no way of doing this without using your addon?

Sure you could. But this addon allows a normal user with proper permissions the ability to create user keys without the need of an administrator. As the admin, you can specify exactly which API scopes a particular user group has access to by defining an API Scope Group and assigning it to a user group.

 

[Mave]

Sure you could. But this addon allows a normal user with proper permissions the ability to create user keys without the need of an administrator. As the admin, you can specify exactly which API scopes a particular user group has access to by defining an API Scope Group and assigning it to a user group.

Thanks for your reply! Do you have an ETA for the addon?

 

[doublespaces]

Thanks for your reply! Do you have an ETA for the addon?

Have one other add-on my developer needs to finish first. Then these changes will occur. In the meantime you can just create your own keys while you do testing/developmemt of your project.

 

[DragonByte Tech]

Have one other add-on my developer needs to finish first. Then these changes will occur. In the meantime you can just create your own keys while you do testing/developmemt of your project.

Just a small suggestion; By default, the system generates an email to the administrators whenever an API key is edited or added. You may wish to suppress that, so here's the class extension I use in the eCommerce mod.
(I auto-generate API keys with very limited scopes in order to allow people to download their products via the [TH] Install & Upgrade addon.)

<?php

namespace DBTech\eCommerce\XF\Entity;

use XF\Mvc\Entity\Structure;

/**
 * Class ApiKey
 * @package DBTech\eCommerce\XF\Entity
 */
class ApiKey extends XFCP_ApiKey
{
    /**
     * @return bool
     */
    public function hasNotifiableChanges()
    {
        return (
            parent::hasNotifiableChanges()
            && !$this->getOption('dbtech_ecommerce_is_automated')
        );
    }
    
    /**
     * @param Structure $structure
     *
     * @return Structure
     */
    public static function getStructure(Structure $structure)
    {
        $structure = parent::getStructure($structure);
        
        $structure->options['dbtech_ecommerce_is_automated'] = false;

        return $structure;
    }
}

Might be getting a little ahead of myself since your developer hasn't even started it yet, but hey

 

[doublespaces]

Just a small suggestion; By default, the system generates an email to the administrators whenever an API key is edited or added. You may wish to suppress that, so here's the class extension I use in the eCommerce mod.
(I auto-generate API keys with very limited scopes in order to allow people to download their products via the [TH] Install & Upgrade addon.)

<?php

namespace DBTech\eCommerce\XF\Entity;

use XF\Mvc\Entity\Structure;

/**
* Class ApiKey
* @package DBTech\eCommerce\XF\Entity
*/
class ApiKey extends XFCP_ApiKey
{
    /**
     * @return bool
     */
    public function hasNotifiableChanges()
    {
        return (
            parent::hasNotifiableChanges()
            && !$this->getOption('dbtech_ecommerce_is_automated')
        );
    }
   
    /**
     * @param Structure $structure
     *
     * @return Structure
     */
    public static function getStructure(Structure $structure)
    {
        $structure = parent::getStructure($structure);
       
        $structure->options['dbtech_ecommerce_is_automated'] = false;

        return $structure;
    }
}

Might be getting a little ahead of myself since your developer hasn't even started it yet, but hey

Thanks. The addon is in my hands and usable as a normal user, the creation of the scope groups is still left to be completed. For my own purposes it is done, however I figured I'd go the last mile and make it useful to everyone.

 

[Robust]

@Chris D This is a bit of a long shot, but any plans to allow users to get user API access keys for this site (the XF forums)?

Would be nice to feed in conversations into a centralised support system, for example.

 

[Jake B.]

@Chris D This is a bit of a long shot, but any plans to allow users to get user API access keys for this site (the XF forums)?

Would be nice to feed in conversations into a centralised support system, for example.

I recall seeing a suggestion thread asking for something similar to automate deployments of updates to XF.com's resource manager. Don't know what ever came of that though

 

[doublespaces]

Who wants to test it?

 

[Paul B]

It's probably better to move discussion related to that to a more appropriate forum.

Resource and add-on discussions

Non-release-related resource and add-on discussions. Covers things such as general suggestion/feedback gathering, sneak peaks and early previews, and general discussion about the state of the resource/add-on community. Please do not post support requests in this forum.

xenforo.com

 

[itfs1992]

This API turns XenForo in "headless CMS" in fact, so in future we will see some fantastic features like Vue.JS on frontend with Xenforo in backend.

 

[doublespaces]

Is it possible to create a new Media Gallery entry or Resource in the RM via API?