Vanilla API and authentication

jspautsch

I'm currently using the built-in Vanilla open source API (in version 2.0.18) to retrieve a list of recent discussions via /index.php?p=/discussions.json

However, I'd also like to retrieve unread counts for the user, but to do this I'd need to establish a session. I have the user's username and password, because they authenticate via basic HTTP auth using the same credentials that are used to login to our Vanilla instance.

I keep seeing posts on the community forums suggesting that this might be possible with Vanilla's built-in API; however, I can find no documentation at all as to its capabilities. For example, on the open source documentation page here on vanillaforums.org, the Vanilla API section redirects to the .com site:

http://blog.vanillaforums.com/api/

...which obviously isn't useful for me. On that page it does say "Vanilla has had a read-only ReSTful API for some time," but again, gives no documentation. That page only seems to describe the capabilities of the "Simple API" plugin, which I assume is commercial-only.

Anyone know how Vanilla's read-only REST API works, or know where I can find documentation on it? Does "read-only" imply I won't be able to authenticate users?

Kasper

To authenticate with the default API, you simply need to authenticate with Vanilla itself using any of the SSO solutions out there.

As for my API application, it's very close to being of beta quality, but it currently isn't and won't be compatible with Vanilla 2.0.18.

Kasper

@jspauth: Why not send an AJAX call directly to the API endpoint? You don't need to route it through cURL in PHP.

peregrine

Don't know any answers to your questions.

but perhaps kasper's wiki and plugin might help.

https://github.com/kasperisager/vanilla-api/wiki

jspautsch

Looked into that, and looking forward to when it's actually released, but last I heard it was in very early development and not ready for production use.

When I tried to use it, it didn't seem to like the fact that my Vanilla instance isn't on the domain root (least that's what I assume, on the Settings page it lists my api location on the domain root instead of on the subdirectory containing the Vanilla instance, and trying to access /api on either vanilla/api/... or /index.php?p=/api/... yields a Not Found error). I also don't see much in the way of documentation there, so I'm not even sure how to access things like a discussion list.

peregrine

@kasper any insights?

http://vanillaforums.org/addon/api-application

Kasper

To authenticate with the default API, you simply need to authenticate with Vanilla itself using any of the SSO solutions out there.

As for my API application, it's very close to being of beta quality, but it currently isn't and won't be compatible with Vanilla 2.0.18.

x00

there are three api. the core OS version, the hosted version, and kasperisager's API

what context are you wanting to do this? Client side scripting you already have a session, if said person is logged on.

jspautsch

@x00 said:
there are three api. the core OS version, the hosted version, and kasperisager's API

what context are you wanting to do this? Client side scripting you already have a session, if said person is logged on.

Like I said in the OP, the core OS version.

@Kasper said:
To authenticate with the default API, you simply need to authenticate with Vanilla itself using any of SSO solutions out there.

Hm, not sure why I didn't think of that. I'll give it a shot.

As for my API application, it's very close to being of beta quality, but it currently isn't and won't be compatible with Vanilla 2.0.18.

Ah, skipping straight to 2.1?

x00

Like I said in the OP, the core OS version.

You didn't understand the question. I asked if you are using the api client side or server side.

if you are are doing it server side, you need cookie/handling handling. Also storing the password in plain text, isn't the ideal.

jspautsch

More like I missed the second half.

@x00 said:
if you are are doing it server side, you need cookie/handling handling. Also storing the password in plain text, isn't the ideal.

Well, it's javascript that does an AJAX call to a PHP file. The PHP file then uses CURL to call /index.php?p=/discussions.json and return the result.

Kasper

@jspauth: Why not send an AJAX call directly to the API endpoint? You don't need to route it through cURL in PHP.

jspautsch

@Kasper said:
jspauth: Why not send an AJAX call directly to the API endpoint? You don't need to route it through cURL in PHP.

Yeah... as I typed it I realized how backwards it was. As it happens I had simply adapted it from the wordpress plugin. I'll try it out. :P