Grabbing user JSON data without being logged in

Swennet

I'm currently in the process of highly integrating WordPress and Vanilla, and I would like to display some information from Vanilla on my WordPress site. Mainly, profile info, notifications, messages, and badges. I planned on using JSON to grab this data, but quickly ran into some issues.

https://mysite.com/community/profile.json/username <-- Publicly accessible
https://mysite.com/community/messages.json/inbox <-- Only accessible through that user's login session

I'm wondering if there is a way to securely grab the data that is typically only accessible by the current logged in user. Something like:

https://mysite.com/community/messages.json/inbox?for=username&secret_key=abc123

Any suggestions?

Linc

You would need to use an API plugin (recommended), or use an SSO token (very complex).

We'll be supporting this sort of thing natively by the end of 2017 (probably Vanilla 2.5).

x00

Well if they are are logged in simply

https://vanillaforums.org/messages/inbox?DeliveryMethod=JSON
https://vanillaforums.org/messages/inbox?DeliveryMethod=JSON&DeliveryType=DATA

no need for additional security. You wouldn't display this information if they weren't logged in anyway. You can use as SSO solution like jsConnect.

You can use the client and javascript to grab the data.

Swennet

I was thinking the same thing, but then I decided that I also want to submit data to Vanilla. I'm going to try the API 0.4.0 plugin and see if it suits my needs. If not, then doing it through jsConnect is a good alternative.

Thanks for the replies guys!