2012-02-16, 11:16 PM
This API is absolutely outdated, and as such should never be used in a production environment.
This is an early build of the API, I am in no way responsible for any damages caused by the use or misuse of this API.
The API is designed specifically to NOT display any sensitive information (such as passwords) and any information presented by the API is encrypted.
Keep your API key safe and don't tell anyone that doesn't need to know!
Encryption:
The API uses TripleDES as its encryption algorithm. It uses the Rijndael version in CBC cipher mode. The Key is 32 characters, and the IV is 32 characters (providing 256 bits of encryption). The data is "zero" padded. The "API Key" is actually the Key followed by the IV (32 character key, followed by 32 character IV). This method is fast, secure and allows multiple platforms to communicate securely. The algorithm (3DES) is used in the banking industry for the transfer of PIN codes between merchant and Bank!
You can get the following information from the API:
- Salt Information
- User Validation
- Settings Information
- User information
- ThreadListings
- Subforum Listings
- Thread Information and Post lists
1. The User Salt--
This is the MyBB salt from the database; you need to supply a UID for this. The salt is needed when you are asking the API to validate a password, as the password needs to be hashed (in the normal MyBB way) on the client side, before being encrypted and passed to the API.
EG URL String:
http://mysite.com/mybb/api.php?action=salt&uid=1
2. Password Validation--
The API is capable of validating any password from a given username. The username and password hash given should both be encrypted. The password
hash needs to be generated on the client side BEFORE encryption and sending. This is to prevent the sending of plaintext passwords
(although behind encryption) to the API.
Hash Generation:
MyBB uses the following hash generation algorithm (PHP Syntax):
md5(md5($salt).md5($password))
EG URL String:
http://mysite.com/mybb/api.php?action=va...RYPTEDHASH
3. Getting Settings--
The API also allows you to retrieve all setting information held within the "Settings" table of MyBB. The settings are returned, encrypted, in the following XML format string:
<root><settings><s_SETTINGNAME>SETTINGDATA</s_SETTINGNAME></settings></root>
EG URL String:
http://mysite.com/mybb/api.php?action=settings
4. Getting User Info--
User information can also be pulled using the API. All information from the users table is used, apart from the "password" field, containing the user hash. This was done for security purposes. The username should be passed to the API encrypted.
The data is returned in the following XML string format:
<root><user><u_USERFIELD>DATA</u_USERFIELD></user></root>
EG URL String:
http://mysite.com/mybb/api.php?action=us...EDUSERNAME
5. Thread Listings
This feature mimics the forumdisplay.php output, offering thread listings. It has a number of options to customize the output.
The request should be made in plain text, no need for encryption with this call.
Options:
- "fid" => The mandatory field, the API will return 0 if one is not specified.
- "page" => The page number, the effect of this option is altered by the "num" option. If a page number is selected that doesn't exist, the page will be set to 0.
- "num" => The number of threads to display on each page. If no number is specified, 10 are shown.
- "sort" => The sorting field to use. If no sort is specified, "lastpost" is used. This has a number of options:
  - "lastpost" = The date of the last post
  - "subject" = The alphabetical title of the subject
  - "replies" = The number of replies
  - "views" = The number of views
  - "username" = The alphabetical username
  - "averagerating" = The average user rating
  - "dateline" = The date of original posting
- "order" => The order to sort in. This should be "ASC" or "DESC" (capitalized). If no order is specified, DESC is used.
The response is, again, in the form of an XML string in the following format:
<root><t_INCREMENTEDCOUNT><FIELD>DATA</FIELD></t_INCREMENTEDCOUNT></root>
NOTE: The "INCREMENTEDCOUNT" goes from 0 upwards, so "t_0" -> "t_1" -> "t_2" etc...
EG URL String:
http://mysite.com/mybb/api.php?action=fo...der={ORDER}
NOTE: The parameters can be passed in any order, and any missed parameters will result in default values being used.
6. Subforum Listings
This allows you to determine if a given forum has any subforums, and if so, allows you to display information on them.
All information is passed with this request, in an encrypted format. The return is sent back as an XML string as follows:
<root><f_{COUNT}><{FIELD}>{DATA}</{FIELD}></f_{COUNT}></root>
NOTE: The f_{COUNT} element is used because a single forum may have multiple subforums.
EG URL String:
http://mysite.com/mybb/api.php?action=su...s&fid={FID}
7. Thread information and PostLists
This call has two options that present very different data. The first is information on the given thread (default if no option is designated)
and the second is a list of posts within that thread, with relevant information.
Options:
- "info" => The default option, giving information on the thread ID given.
- "postlist" => Gives a list of posts, along with all information on those posts.
The data is returned in one of 2 XML strings:
- Using the "info" switch:
<root><thread><t_{FIELD}>{DATA}</t_{FIELD}></thread></root>
- Using the "postlist" switch:
<root><postlist><p_{COUNT}><{FIELD}>{DATA}</{FIELD}></p_{COUNT}></postlist></root>
EG URL String:
http://mysite.com/mybb/api.php?action=th...}&tid={TID}
This is a brief overview of the API so far, expect more features to come!
Downloads:
The API:
Use this for any projects
[attachment=25546]
.NET Library & Test App
Library: [attachment=25547] (requires .NET 2.0)
Test App: [attachment=25548] (requires .NET 3.5)
Note: Realistically, any application needs to be written in .NET 3.5 or above to be compatible because of the use of dictionaries and lists.
If anybody would like to, you can write libraries in any language to interface with this API! It would be great
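For the "Password Validation" and "Encryption" sections above, this added example (not part of the original post or the attached .NET library) shows the client-side preparation: splitting the API key, computing the MyBB hash, and zero-padding the plaintexts. The 32-byte block size and all function names are assumptions; the cipher call itself is left to whichever crypto library the client uses.

```python
import hashlib

KEY_CHARS = 32    # per the post: 32-character key ...
IV_CHARS = 32     # ... followed by a 32-character IV
BLOCK_SIZE = 32   # ASSUMPTION: block size in bytes, taken to equal the IV length


def split_api_key(api_key):
    """Split the 64-character "API Key" into (key, iv) byte strings."""
    if len(api_key) != KEY_CHARS + IV_CHARS:
        raise ValueError("API key must be 32 key characters + 32 IV characters")
    raw = api_key.encode("ascii")  # rejects keys that are not 1 byte per character
    return raw[:KEY_CHARS], raw[KEY_CHARS:]


def _md5_hex(text):
    # PHP's md5() returns lowercase hex, and "." concatenates those hex strings
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def mybb_password_hash(salt, password):
    """md5(md5($salt).md5($password)) as given in the post."""
    return _md5_hex(_md5_hex(salt) + _md5_hex(password))


def zero_pad(data, block_size=BLOCK_SIZE):
    """Append NUL bytes up to the next block boundary (none if already aligned)."""
    return data + b"\x00" * (-len(data) % block_size)


def zero_unpad(data):
    """Strip trailing NULs; any NULs that ended the real plaintext are lost too."""
    return data.rstrip(b"\x00")


def validation_plaintexts(username, salt, password):
    """Padded plaintexts for the username and hash, ready for the cipher call."""
    digest = mybb_password_hash(salt, password)
    return zero_pad(username.encode("utf-8")), zero_pad(digest.encode("ascii"))
```

The 32-character hex hash fills exactly one 32-byte block, so under that assumption only the username picks up padding.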
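Thread listings ("5. Thread Listings" above) are requested in plain text, so a client should validate what it sends and treat the response as untrusted input. This added example (not part of the original post or the attached .NET library) checks the documented options and parses the t_0, t_1, ... response format; the function names, the sample field names, and the reading that a missing "fid" yields a body of exactly "0" are assumptions.

```python
import re
import xml.etree.ElementTree as ET

SORT_FIELDS = {"lastpost", "subject", "replies", "views",
               "username", "averagerating", "dateline"}


def thread_list_params(fid, page=None, num=None, sort=None, order=None):
    """Validate options; omitted ones fall back to the API's documented defaults."""
    params = {"fid": int(fid)}
    if page is not None:
        params["page"] = int(page)
    if num is not None:
        params["num"] = int(num)
    if sort is not None:
        if sort not in SORT_FIELDS:
            raise ValueError(f"unsupported sort field: {sort!r}")
        params["sort"] = sort
    if order is not None:
        if order not in ("ASC", "DESC"):
            raise ValueError("order must be 'ASC' or 'DESC' (capitalized)")
        params["order"] = order
    return params


def parse_thread_list(body):
    """Turn <root><t_0>..</t_0><t_1>..</t_1></root> into a list ordered by count."""
    if body.strip() == "0":  # assumed form of the "returns 0" reply for a missing fid
        return []
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD/entity declarations are not part of this format")
    root = ET.fromstring(body)
    if root.tag != "root":
        raise ValueError(f"unexpected root element: {root.tag!r}")
    rows = []
    for child in root:
        match = re.fullmatch(r"t_(\d+)", child.tag)
        if match is None:
            raise ValueError(f"unexpected element: {child.tag!r}")
        rows.append((int(match.group(1)), {f.tag: (f.text or "") for f in child}))
    return [fields for _, fields in sorted(rows, key=lambda row: row[0])]


# Constructed sample response (not captured from a real forum).
SAMPLE = ("<root><t_1><subject>Second</subject><replies>0</replies></t_1>"
          "<t_0><subject>First &amp; pinned</subject><replies>3</replies></t_0></root>")
```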