NodeBB/nodebb-plugin-write-api
2
0
Fork 0
mirror of https://hk.gh-proxy.com/https://github.com/NodeBB/nodebb-plugin-write-api.git synced 2025-10-04 04:31:14 +08:00
Code Issues Projects Packages Wiki Activity Actions
A RESTful JSON-speaking API allowing you to write things to NodeBB
583 commits 9 branches 52 tags 3.6 MiB
Find a file
renovate[bot] 0e52c0a98c chore(deps): update dependency eslint to v9.25.1
2025-04-21 13:31:30 -04:00
less proper use of user icons in user tokens list 2016-06-24 10:58:49 -04:00
lib fix: unlocalized error if language key has args 2020-04-15 15:51:04 -04:00
public/js select entire token on input field click 2018-04-27 10:39:41 -04:00
routes fix: post edit not working for tags/topic-thumb 2021-03-22 10:49:05 -04:00
templates/admin/plugins select entire token on input field click 2018-04-27 10:39:41 -04:00
.eslintrc feat: adding eslint, husky, lint-staged, blah blah 2020-04-14 13:42:16 -04:00
.gitignore added stuff to gitignore 2015-01-20 18:12:37 -05:00
commitlint.config.js chore: lint, updated commitlint config 2020-11-10 11:24:36 -05:00
index.js refactor: middleware.requireUser to be async 2020-10-06 09:34:02 -04:00
package.json chore(deps): update dependency eslint to v9.25.1 2025-04-21 13:31:30 -04:00
plugin.json fix: v2 compat 2022-07-20 16:08:19 -04:00
README.md chore: add deprecation notice to drive users to /api/v3 2020-12-14 14:35:42 -05:00
renovate.json chore(deps): add renovate.json 2021-11-11 10:11:27 -05:00
yarn.lock chore(deps): update dependency eslint to v9.25.1 2025-04-21 13:31:30 -04:00

README.md

Deprecation

As of NodeBB v1.15.0, this plugin is deprecated and has entered maintenance mode. You can of course still use this plugin with versions of v1.15.x and beyond, and I will continue to ensure it is compatible; however new features will not be added.

Please see this blog post for more information

New users are recommended to use the built-in Write API that comes with NodeBB v1.15.0 and up.

Write API

This plugin exposes a write enabled API interface for NodeBB. It is useful if you would like to supplment the built-in read-only API, in order to push items/actions/events to NodeBB.

For example, without this plugin, one can easily retrieve the contents of a post by prefixing api/ to the corresponding route. (e.g. https://community.nodebb.org/api/topic/687/help-translate-nodebb/2).

With this plugin, however, you can create content on NodeBB externally (new topics, new posts, etc), which comes in handy when third-party applications want deeper integration with NodeBB.

Installation

Install this plugin via the plugins page in the ACP.

Alternatively:

$ cd /path/to/nodebb/node_modules
$ git clone git@github.com:NodeBB/nodebb-plugin-write-api.git
$ cd nodebb-plugin-write-api
$ npm i

In both methods, you will need to ./nodebb build before (re-)starting your NodeBB forum.

API Resources

Quick Start

  1. Install and activate the plugin, reload NodeBB
  2. Generate your uid an API token in the ACP page
  3. curl -H "Authorization: Bearer {YOUR_TOKEN}" --data "title={TITLE}&content={CONTENT}&cid={CID}" http://localhost:4567/api/v1/topics

Authentication

Authentication is handled either via HTTP Bearer Token or JSON Web Token, as generated/specified in the Write API.

Bearer Tokens

There are two types of tokens:

  • A user token is associated with a specific uid, and all calls made are made in the name of that user
  • A master token is not associated with any specific uid, though a _uid parameter is required in the request, and then all calls are made in the name of that user. This is the only difference between the two tokens. A master token with _uid set to a non-administrator will not allow you to make administrative calls.

Note: The first token can be generated via the administration page (admin/plugins/write-api), or via the token generation route (POST /api/v1/users/{UID}/tokens) by sending in a password, but additional user tokens can be generated using an existing user/master token.

JSON Web Tokens

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

To make requests with a JSON Web Token instead of a user/master token, sign the entire request payload with the same secret as defined in the plugin, and either send it in the POST body, or as a query string parameter. In both cases, the key token is used.

For example,

$ curl http://localhost:4567/api/v1/users/1/tokens?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfdWlkIjoxfQ.pbm5wbAZ4__yFh5y8oeCsJyT0dm8ROcd5SEBr4yGlNw  # secret is 'secret'

Error Handling

When the API encounters an error, it will do it's best to report what went wrong. Errors will follow the format specified in this example:

{
    "code": "not-authorised",
    "message": "You are not authorised to make this call",
    "params": {}
}

Changelog

v5.0

  • Introduced v2 router with breaking changes to some routes (see api/v2 Endpoints for more information)
  • Additional validation for post routes in v2 router only

v4.6

  • Bug fixes
  • Allowing users to generate token via password input (only in token generation route)

v4.5

  • Bug fixes
  • Updated integration with NodeBB so that privileged assets in NodeBB (e.g. /unread) can be retrieved for a user via user/master tokens

v4.2

  • Fix bug with topic deletion
  • Introduced support for category enable/disable, and category purge (deletion)

v4.1

  • Allow addition of tags when creating topics
  • Handling post deletion via API

v3.x to v4.x

  • Made compatible with NodeBB v1.0.0

v3.1

  • Introduced support for JSON Web Tokens

v2.x to v3.x

  • users/ routes now take a uid instead of a userslug. This affects the following routes:
    • PUT /api/v1/users/:userslug -> PUT /api/v1/users/:uid
    • POST /api/v1/users/:userslug/follow -> POST /api/v1/users/:uid/follow
    • DELETE /api/v1/users/:userslug/follow -> DELETE /api/v1/users/:uid/follow