MyBB Community Forums

Full Version: RESTful API System Development - need your ideas
Since I don't have the time any longer, I have made the repo public

https://bitbucket.org/pavemen/myapi

It's a free account so I can only have 5 contributors, but you should be able to review the source and things like that. Its focus was 1.6 and now that 1.8 is coming out, it likely needs to be updated for that.
Thanks to Euan and JN-Jones for their support and help with the code so far.
(2014-08-14, 09:31 AM)Robust Wrote: [ -> ]User information
Thread information
Forum display thread listing
Index forums and categories

I will try to do that :)

(2014-08-14, 08:09 AM)Cameron:D Wrote: [ -> ]Was talking about pavemen's post. I'd love an API sort of thing, I currently have a few users who just scrape the HTML pages and extract the content so they'd love an API.

If they can wait just a few days, I'm tweaking things up and will publish it on mods :)

Though, I just want to know something: should the "authenticate" API accept as many requests from an API key as possible? Cause this could lead to brute-force password cracking. Should I consider that if the admin allows the "authenticate" API, people with an API key can send as many requests to that API as they want?
The API should be called with CURL and pass a token (or user/pass) with each request when authentication is needed. Look how we have implemented it.

<edit> As for your question about accepting multiple requests, my implementation also sets an allowable IP that the requests can come from. I know it's not perfect, but for a busy site where the main site is calling MyBB stuff all the time (like details for the header/footer based on the logged in user) or latest posts, etc. then you can easily hit a rate limit you build in
(2014-08-15, 06:01 PM)pavemen Wrote: [ -> ]The API should be called with CURL and pass a token (or user/pass) with each request when authentication is needed. Look how we have implemented it.

<edit> As for your question about accepting multiple requests, my implementation also sets an allowable IP that the requests can come from. I know it's not perfect, but for a busy site where the main site is calling MyBB stuff all the time (like details for the header/footer based on the logged in user) or latest posts, etc. then you can easily hit a rate limit you build in

Actually to call an API that needs authentication, I made it so you have to pass your API key, the user's username and password. I'm just worried about brute-forcing passwords. There should be a limitation.

And of course you call it with cURL, or any other client you want. If you have some time to spare we could take a look at this plugin together :)
Add a rate limit option for each API key then (number of requests per hour or whatever).
(2014-08-15, 08:29 PM)Euan T Wrote: [ -> ]Add a rate limit option for each API key then (number of requests per hour or whatever).

Oh thanks, that's a good idea :)

Just to keep you updated, now you can choose to enable/disable an API for everyone :

[Image: 1408189064-rest1.png]

Or go to a specific API Key and give it access to certain APIs only, so that not all the API keys can access all the APIs :

[Image: 1408189064-rest2.png]

You also have the following output options :

- JSON
- JSONPretty (visually readable JSON)
- JSONP (with a callback option)
- XML
- Serialize (PHP Unserializable object)

An HTTPS Only option in the configuration, for more secure transitions.
Update

- Now you can limit the access to an API as follows

[Image: 840630capture7.png]

Also, you can enter 0 for unlimited.

The API System also supports Banned IPs from the Admin CP, as it includes the default global.php file :) So you can ban an IP, although I will explain why that's not good; instead, you shouldn't give an API key to a customer if you're gonna ban his IP.

Example of the system :
Calling the online API, which provides you with the online users. With the following headers :

- apikey : A valid API key produced by the system
- output : json

will produce the following output :

{
    "users": [
        {
            "sid": "4a389f6a6cfd12b41c252b77aaf31c61",
            "ip": "::1",
            "uid": "1",
            "time": "1408572009",
            "location": "\/online?",
            "username": "admin",
            "nopermission": "0",
            "invisible": "0",
            "usergroup": "4",
            "displaygroup": "0",
            "activity": {
                "activity": "unknown",
                "location": "\/online?"
            },
            "display": "<span style=\"color: green;\"><strong><em>admin<\/em><\/strong><\/span>"
        }
    ],
    "guests": [],
    "count": "1",
    "wolcutoffmins": "15",
    "mostonline": {
        "numusers": 2,
        "time": 1408543064
    }
}

For each user, I added a display field, to make it easy to reproduce the same output as the one in the forums :) The count field is the total number of users online. wolcutoffmins is a settings entry, and corresponds to the number of minutes MyBB uses to consider a session still active. Other fields can be discussed; if you think we shouldn't return the IP address of each user as a result of the API, well, the user would have visited the customer's website anyway; the customer wouldn't need to call our API to get the user's IP.

Of course I'm not reinventing the wheel, I try to reuse a maximum of already-coded functions to produce these results.

API URLs are now in the following form :
http://forum-url.tld/api.php/online/path...parameters

Also, an API can throw an exception, which is handled in a very nice way. I will detail all that later on :)
Do you have a public repo for it?
Looking good :)
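
An added example, not part of the original thread or of the plugin's code: one way to combine the per-API-key hourly limit discussed above (0 for unlimited) with a separate cap on failed "authenticate" attempts, so a busy site's normal traffic is not throttled while password guessing is. Class, method and bucket names are hypothetical, storage is an in-memory array for illustration, and the key and timestamps in the demo are constructed.

```php
<?php
// Added example (PHP 8+); class and method names are hypothetical, not the plugin's.
final class ApiKeyLimiter
{
    private const WINDOW = 3600; // one hour, in seconds
    private array $events = [];  // bucket name => timestamps of counted events

    public function __construct(
        private int $maxRequests,    // per API key per hour; 0 = unlimited
        private int $maxAuthFailures // per API key + username per hour; 0 = unlimited
    ) {}

    // Drop timestamps older than the window and return the remainder.
    private function recent(string $bucket, int $now): array
    {
        $kept = array_filter($this->events[$bucket] ?? [], fn (int $t) => $t > $now - self::WINDOW);
        return $this->events[$bucket] = array_values($kept);
    }

    // Call for every API request; on false, reject the request (e.g. HTTP 429).
    public function allowRequest(string $apiKey, int $now): bool
    {
        if ($this->maxRequests === 0) return true; // unlimited: nothing to count
        if (count($this->recent("req:$apiKey", $now)) >= $this->maxRequests) return false;
        $this->events["req:$apiKey"][] = $now;
        return true;
    }

    private function authBucket(string $apiKey, string $username): string
    {
        return "auth:$apiKey:" . strtolower($username); // assumes case-insensitive logins
    }

    // Check before verifying a password on the "authenticate" API.
    public function allowAuthAttempt(string $apiKey, string $username, int $now): bool
    {
        return $this->maxAuthFailures === 0
            || count($this->recent($this->authBucket($apiKey, $username), $now)) < $this->maxAuthFailures;
    }

    // Record only failed password checks, so valid traffic is never throttled by this cap.
    public function recordAuthFailure(string $apiKey, string $username, int $now): void
    {
        $this->events[$this->authBucket($apiKey, $username)][] = $now;
    }
}
// Constructed demo: 1000 requests/hour per key, 5 failed logins/hour per key + username.
$limiter = new ApiKeyLimiter(1000, 5);
for ($i = 0; $i < 5; $i++) $limiter->recordAuthFailure('demo-key', 'admin', 1408572009 + $i);
var_dump($limiter->allowAuthAttempt('demo-key', 'Admin', 1408572019), $limiter->allowRequest('demo-key', 1408572019));
```

In a real plugin the counters would live in a database table or cache shared by all PHP workers rather than in a per-request array.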