XF 2.2 XenForo 2.2 Rest API help


Active member
So, let's assume i'm creating the API Key with super user privileges, and my plan is to create login/registration integration with my forum.
Which scope of API permission should i have in that key, and which function XenForo uses to hash the passwords?

ex. my visitor visits the www.gametracker.vip , registered there, and also he will have the account on https://forum.gametracker.vip with the same username / email address and passwords.

When he will be logged in website cms, he will be also in forum too.


XenForo developer
Staff member
So the REST API doesn't necessarily automatically log people into the forum. This is tricky in various cases due to cookie limits. There is a 2.2 endpoint that can help, but it involves redirecting through a page: https://xenforo.com/community/pages/api-endpoints/#route_post_auth_login_token

I'm not sure what you're asking with regards to the password hash question as you wouldn't really ever be exposed to that. You can authenticate a username and password via the API: https://xenforo.com/community/pages/api-endpoints/#route_post_auth_ (The system is bcrypt by default, but that can be modified and can be different for specific accounts.)

In terms of scopes, you can vary this based on what you need if you run into errors. The benefit here is mostly security in the case your API key gets leaked. But you would likely need auth- and user-related scopes for what you're suggesting.