Following the API docs but its not clear ...

Panda

I want some widget code to be able to make a topic post in certain circumstances
I generated an API key under userID 1
but Im unsure where to put this key, in some APIs it would go as a BearerID in the body, and sometimes it goes as a key concatenated to the endpoint…
but its not specified in the docs exactly how to do it
https://docs.nodebb.org/api/write/#tag/topics
Also usually you would expect to have to supply a Method type as POST?
The code is currently along these lines

const bodyData={
"cid": 1,
"title": "Test topic",
"content": "This is the test topic's content",
"timestamp": 556084800000,
"tags": [
"test",
"topic"
]
}
const key='c56.. //redcated
 fetch(
   `https://aignite.nodebb.org/api/v3/topics/', bodyData
)
.then(response => response.json())
.then( data=> {....

I wonder if you don’t have to supply the key if its done with an Authentication cookie, but the above code doesnt work.
Perhaps the bodyData parameter is in wrong place?

phenomlab

@Panda Here’s how I’ve done it using basic CURL commands in PHP - you should be able to gain an understanding of structure at least.

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'http://localhost:5001/api/v3/topics');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "title=api test post&content=the contents of the test post&cid=1&_uid=1");

$headers = array();
$headers[] = 'Authorization: Bearer d2b8602d-01a6-86ee-bbe4-0e016144be0c';
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}
curl_close($ch);
    
    }
    // Item has already been processed. Continue loop until count exhausted
    else {
        echo "Checking " .
            "\nLine item already processed - \033[33m[Ignored]\n\033[0m";
    }
}

Panda

@phenomlab
OK. The official docs are lacking in detail (in comparison to usual API example docs)
They omit any mention of headers and BearerID - which it seems from your example are required.
How did you figure out that combination? Did you see more extensive documentation?

I will try and replicate the same with a JS fetch, if not I will make a topic on NodeBB Community

Panda

Update, adding those fields in …

The API code doesn’t work from a widget, but from a stand-alone hosted code it gives this error
Error with Permissions-Policy header: Origin trial controlled feature not enabled: ‘interest-cohort’.
Is that like a CORS issue? Is there a fix for that?

Panda

Update: It was a CSRF token issue.
I hadn’t even heard of one of those

phenomlab

@Panda said in Following the API docs but its not clear ...:

How did you figure out that combination? Did you see more extensive documentation?

There’s documentation all over the Internet in relation to curl and not really “NodeBB” specific. It’s one of the headers and required for authentication.

A search for curl on NodeBB also shows this in detail

https://community.nodebb.org/search?term=Curl&in=titlesposts&matchWords=all&showAs=posts

Panda

@phenomlab
Yes just searched
Found some curl things on a PhP related post on NodeBB now …
I’m quite surprise anyone was using Curl and PhP with NodeBB !

phenomlab

@Panda you’d be surprised. If you consider that you’d need to use the API to be able to populate a WordPress widget for example (which in turn would of course be PHP), taking this route is still immensely popular.