Skip to content
Sudonix

Following the API docs but its not clear ...

Solved Customisation
8 2 1.6k 1
  • Pandaundefined

    I want some widget code to be able to make a topic post in certain circumstances
    I generated an API key under userID 1
    but Im unsure where to put this key, in some APIs it would go as a BearerID in the body, and sometimes it goes as a key concatenated to the endpoint…
    but its not specified in the docs exactly how to do it
    https://docs.nodebb.org/api/write/#tag/topics
    Also usually you would expect to have to supply a Method type as POST?
    The code is currently along these lines

    const bodyData={
"cid": 1,
"title": "Test topic",
"content": "This is the test topic's content",
"timestamp": 556084800000,
"tags": [
"test",
"topic"
]
}
const key='c56.. //redcated
 fetch(
   `https://aignite.nodebb.org/api/v3/topics/', bodyData
)
.then(response => response.json())
.then( data=> {....

    I wonder if you don’t have to supply the key if its done with an Authentication cookie, but the above code doesnt work.
    Perhaps the bodyData parameter is in wrong place?

    0
  • Pandaundefined Panda

    I want some widget code to be able to make a topic post in certain circumstances
    I generated an API key under userID 1
    but Im unsure where to put this key, in some APIs it would go as a BearerID in the body, and sometimes it goes as a key concatenated to the endpoint…
    but its not specified in the docs exactly how to do it
    https://docs.nodebb.org/api/write/#tag/topics
    Also usually you would expect to have to supply a Method type as POST?
    The code is currently along these lines

    const bodyData={
"cid": 1,
"title": "Test topic",
"content": "This is the test topic's content",
"timestamp": 556084800000,
"tags": [
"test",
"topic"
]
}
const key='c56.. //redcated
 fetch(
   `https://aignite.nodebb.org/api/v3/topics/', bodyData
)
.then(response => response.json())
.then( data=> {....

    I wonder if you don’t have to supply the key if its done with an Authentication cookie, but the above code doesnt work.
    Perhaps the bodyData parameter is in wrong place?

    phenomlabundefined

    @Panda Here’s how I’ve done it using basic CURL commands in PHP - you should be able to gain an understanding of structure at least.

    $ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'http://localhost:5001/api/v3/topics');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "title=api test post&content=the contents of the test post&cid=1&_uid=1");

$headers = array();
$headers[] = 'Authorization: Bearer d2b8602d-01a6-86ee-bbe4-0e016144be0c';
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}
curl_close($ch);
    
    }
    // Item has already been processed. Continue loop until count exhausted
    else {
        echo "Checking " .
            "\nLine item already processed - \033[33m[Ignored]\n\033[0m";
    }
}

    Mark – Founder, Phenomlab Ltd
    Executive IT & Security Leadership
    Phenomlab Ltd

    0
  • phenomlabundefined phenomlab

    @Panda Here’s how I’ve done it using basic CURL commands in PHP - you should be able to gain an understanding of structure at least.

    $ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'http://localhost:5001/api/v3/topics');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "title=api test post&content=the contents of the test post&cid=1&_uid=1");

$headers = array();
$headers[] = 'Authorization: Bearer d2b8602d-01a6-86ee-bbe4-0e016144be0c';
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}
curl_close($ch);
    
    }
    // Item has already been processed. Continue loop until count exhausted
    else {
        echo "Checking " .
            "\nLine item already processed - \033[33m[Ignored]\n\033[0m";
    }
}
    Pandaundefined

    @phenomlab
    OK. The official docs are lacking in detail (in comparison to usual API example docs)
    They omit any mention of headers and BearerID - which it seems from your example are required.
    How did you figure out that combination? Did you see more extensive documentation?

    I will try and replicate the same with a JS fetch, if not I will make a topic on NodeBB Community

    phenomlabundefined 1 Reply
    0
  • Pandaundefined

    Update, adding those fields in …

    The API code doesn’t work from a widget, but from a stand-alone hosted code it gives this error
    Error with Permissions-Policy header: Origin trial controlled feature not enabled: ‘interest-cohort’.
    Is that like a CORS issue? Is there a fix for that?

    0
  • Pandaundefined

    Update: It was a CSRF token issue.
    I hadn’t even heard of one of those 😁

    1
  • Pandaundefined Panda

    @phenomlab
    OK. The official docs are lacking in detail (in comparison to usual API example docs)
    They omit any mention of headers and BearerID - which it seems from your example are required.
    How did you figure out that combination? Did you see more extensive documentation?

    I will try and replicate the same with a JS fetch, if not I will make a topic on NodeBB Community

    phenomlabundefined

    @Panda said in Following the API docs but its not clear ...:

    How did you figure out that combination? Did you see more extensive documentation?

    There’s documentation all over the Internet in relation to curl and not really “NodeBB” specific. It’s one of the headers and required for authentication.

    A search for curl on NodeBB also shows this in detail

    https://community.nodebb.org/search?term=Curl&in=titlesposts&matchWords=all&showAs=posts

    Mark – Founder, Phenomlab Ltd
    Executive IT & Security Leadership
    Phenomlab Ltd

    0
  • phenomlabundefined phenomlab

    @Panda said in Following the API docs but its not clear ...:

    How did you figure out that combination? Did you see more extensive documentation?

    There’s documentation all over the Internet in relation to curl and not really “NodeBB” specific. It’s one of the headers and required for authentication.

    A search for curl on NodeBB also shows this in detail

    https://community.nodebb.org/search?term=Curl&in=titlesposts&matchWords=all&showAs=posts

    Pandaundefined

    @phenomlab
    Yes just searched
    Found some curl things on a PhP related post on NodeBB now …
    I’m quite surprise anyone was using Curl and PhP with NodeBB !

    0
  • Pandaundefined Panda

    @phenomlab
    Yes just searched
    Found some curl things on a PhP related post on NodeBB now …
    I’m quite surprise anyone was using Curl and PhP with NodeBB !

    phenomlabundefined

    @Panda you’d be surprised. If you consider that you’d need to use the API to be able to populate a WordPress widget for example (which in turn would of course be PHP), taking this route is still immensely popular.

    Mark – Founder, Phenomlab Ltd
    Executive IT & Security Leadership
    Phenomlab Ltd

    1
  • phenomlabundefined phenomlab has marked this topic as solved on
Log in to reply

Did this solution help you?
Did you find the suggested solution useful? Support 💗 Sudonix with a coffee
If your organisation needs deeper expertise around infrastructure, security, or technology leadership, learn more about Phenomlab Ltd. Many of the deeper technical guides behind Sudonix are published there.

Related Topics
  • cagatayundefined

    NodeBB v4.0.0

    General nodebb sudonix version 4
    28
    4 Votes
    28 Posts
    4k Views
    phenomlabundefined
    @Panda said in NodeBB v4.0.0: the workings of World aren’t intuitive Its not easy to get World populating when a forum is new to it This is a good point and one I’ve considered also. It’s a little confusing to be honest.
  • Hariundefined

    Protecting API Access on Apache/Cloudways

    Solved Security api cloudways
    3
    1 Votes
    3 Posts
    858 Views
    Hariundefined
    @phenomlab issue was with high traffic spikes and the website used to get crashed. API is managed by others, its built in such a way they built it in such un protected way. we would be moving to nodejs own APIs soon to address all these issues. thought of solving it with help of you and a friend of mine is helping me build a new site with APIs. thanks
  • phenomlabundefined

    Planned sunset of NTFY plugin

    Pinned Announcements push nodebb ntfy
    7
    1
    8 Votes
    7 Posts
    1k Views
    phenomlabundefined
    I’ve noticed that I’m the only one subscribed to the push notifications on this site. If you were using NTFY previously, and have noticed that you’ve not had any alerts for a while, it’s because this feature has been disabled. You’ll now need to use the push notification to replace NTFY as mentioned in the first post.
  • Pandaundefined

    Nodebb icon on google page

    Solved Customisation nodebb
    9
    1
    4 Votes
    9 Posts
    2k Views
    phenomlabundefined
    @Panda It’s been raised multiple times, but only for the open source version, and not hosted.
  • Pandaundefined

    Nodebb design

    Solved General nodebb
    2
    1 Votes
    2 Posts
    874 Views
    phenomlabundefined
    @Panda said in Nodebb design: One negative is not being so good for SEO as more Server side rendered forums, if web crawlers dont run the JS to read the forum. From recollection, Google and Bing have the capability to read and process JS, although it’s not in the same manner as a physical person will consume content on a page. It will be seen as plain text, but will be indexed. However, it’s important to note that Yandex and Baidu will not render JS, although seeing as Google has a 90% share of the content available on the web in terms of indexing, this isn’t something you’ll likely lose sleep over. @Panda said in Nodebb design: The “write api” is preferred for server-to-server interactions. This is mostly based around overall security - you won’t typically want a client machine changing database elements or altering data. This is why you have “client-side” which could be DOM manipulation etc, and “server-side” which performs more complex operations as it can communicate directly with the database whereas the client cannot (and if it can, then you have a serious security flaw). Reading from the API is perfectly acceptable on the client-side, but not being able to write. A paradigm here would be something like SNMP. This protocol exists as a UDP (UDP is very efficient, as it is “fire and forget” and does not wait for a response like TCP does) based service which reads performance data from a remote source, thus enabling an application to parse that data for use in a monitoring application. In all cases, SNMP access should be “RO” (Read Only) and not RW (Read Write). It is completely feasible to assume complete control over a firewall for example by having RW access to SNMP and then exposing it to the entire internet with a weak passphrase. You wouldn’t do it (at least, I hope you wouldn’t) and the same ethic applies to server-side rendering and the execution of commands.
  • Pandaundefined

    SEO and Nodebb

    Performance nodebb seo
    2
    2 Votes
    2 Posts
    809 Views
    phenomlabundefined
    @Panda It’s the best it’s ever been to be honest. I’ve used a myriad of systems in the past - most notably, WordPress, and then Flarum (which for SEO, was absolutely dire - they never even had SEO out of the box, and relied on a third party extension to do it), and NodeBB easily fares the best - see below example https://www.google.com/search?q=site%3Asudonix.org&oq=site%3Asudonix.org&aqs=chrome..69i57j69i60j69i58j69i60l2.9039j0j3&sourceid=chrome&ie=UTF-8#ip=1 However, this was not without significant effort on my part once I’d migrated from COM to ORG - see below posts https://community.nodebb.org/topic/17286/google-crawl-error-after-site-migration/17?_=1688461250365 And also https://support.google.com/webmasters/thread/221027803?hl=en&msgid=221464164 It was painful to say the least - as it turns out, there was an issue in NodeBB core that prevented spiders from getting to content, which as far as I understand, is now fixed. SEO in itself is a dark art - a black box that nobody really fully understands, and it’s essentially going to boil down to one thing - “content”. Google’s algorithm for indexing has also changed dramatically over the years. They only now crawl content that has value, so if it believes that your site has nothing to offer, it will simply skip it.
  • mventuresundefined

    NodeBB: Creating pages

    Solved Configure nodebb create page
    9
    0 Votes
    9 Posts
    2k Views
    mventuresundefined
    OK, I think I have figured out how to place a link in the footer which will click to a new page.
  • JACundefined

    NodeBB metadata

    Solved Configure nodebb metadata
    4
    2 Votes
    4 Posts
    1k Views
    JACundefined
    @phenomlab said in NodeBB metadata: @jac Are you sure ? https://www.google.co.uk/search?q=site%3Astockportcounty.fans&sxsrf=AOaemvLwnaZL-PliU_2dBOg_Eo1pMVhBjg%3A1638982328139&source=hp&ei=uOKwYeatBcOsad3yp7AE&iflsig=ALs-wAMAAAAAYbDwyLBSDcG5XYoFCKwQFhgz94wTxOcV&ved=0ahUKEwjm6dX71NT0AhVDVhoKHV35CUYQ4dUDCAk&uact=5&oq=site%3Astockportcounty.fans&gs_lcp=Cgdnd3Mtd2l6EAM6BAgjECc6CwgAEIAEELEDEIMBOg4ILhCABBCxAxDHARCjAjoRCC4QgAQQsQMQgwEQxwEQowI6BQguEIAEOggIABCABBCxAzoFCAAQgAQ6CAguELEDEIMBOgsILhCABBDHARCvAToICC4QgAQQsQM6BQgAELEDOgsILhCABBDHARDRAzoLCAAQgAQQsQMQyQM6BQgAEJIDUABYySZg0CdoAHAAeACAAW2IAa0NkgEEMjMuMpgBAKABAQ&sclient=gws-wiz Fair enough 🤪🤪.