Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

API Authentication using curl

Good Afternoon,

I'm currently running a vanilla forums installation embedded into a WordPress site using WordPress as the SSO provider. I have installed the NinjaForms plugin on my WordPress site so that I can accept user-input from a form. I would like to create a new discussion on my forum when a user submits this form.

At this point, I've hooked into the appropriate events in the WordPress plugin and am able to print out the form details on my page after the form is submitted.
I've also figured out how to post a new discussion by manually sending a request to the vanilla http endpoints with my browser tools using an active session.

The last step I need to figure out is how to make these calls as an authenticated user from the server (in php code)

So far, I have an unauthenticated call to the endpoint, but I don't know how to make this call as the currently-logged-in user


$data = array(
  'Name'        => $post_title,
  'Body'        => "Here is some text",
  'CategoryID'  => $category_id,
  'TransientKey'=> $transient_key

$options = array(
    CURLOPT_RETURNTRANSFER  => true,   // return web page
    CURLOPT_FOLLOWLOCATION  => true,   // follow redirects
    CURLOPT_POST            => true,
    CURLOPT_POSTFIELDS      => $data,
    CURLOPT_HTTPHEADER      => array("application/x-www-form-urlencoded")

$ch = curl_init($url);
curl_setopt_array($ch, $options);

$content  = curl_exec($ch);





  • Options
    hgtonighthgtonight ∞ · New Moderator

    The easy is answer is to use an AJAX call. The client's cookies will automatically be submitted with the request and it will "just work."

    If you absolutely need to do this via cUrl, you are going to want to use the API application (which currently requires the alpha version of Vanilla). The API application offers a signature based authentication that doesn't rely on cookies.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • Options

    Thanks for the response. Unfortunately I'm running a live site, so an alpha build isn't ideal. I also haven't been able to find any documentation on upgrading an existing site to 2.2

    The reason I was hoping to do this from php is that I am hooking into the post-processing event after my form is submitted.

    I guess if I have no other option, I will have to come up with a roundabout way to cache the data and call my function via ajax on the submission confirmation page.

  • Options

    I ended up working on sending an AJAX call to the vanilla endpoint. However, I'm still being redirected to the login page. Here are the request and response for the AJAX call.

    Remote Address:
    Request URL:
    Request Method:POST
    Status Code:302 Found

    Response Headers
    Date:Sun, 14 Jun 2015 23:31:33 GMT
    Keep-Alive:timeout=5, max=100
    Server:Apache/2.4.7 (Ubuntu)
    Set-Cookie:Vanilla=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
    Set-Cookie:Vanilla=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/

    Request Headers
    Accept-Encoding:gzip, deflate
    Content-Type:application/x-www-form-urlencoded; charset=UTF-8
    User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36

    Form Data
    view URL encoded
    Name:Real API
    Body:test post

    You can see in the response header that I'm being redirected to: /entry/signin?Target=post%2Fdiscussion%2Ftest
    You can also see Set-Cookie:Vanilla=deleted

    Any idea what is going on here?

Sign In or Register to comment.