431 lines
13 KiB
Plaintext
431 lines
13 KiB
Plaintext
## Authentication
|
||
|
||
### HTTP Basic authentication
|
||
|
||
The API uses [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication).
|
||
Note that this means that users with only an OpenID login cannot use the API; they have to add a
|
||
password to their account using the control panel on the site.
|
||
|
||
### OAuth authentication
|
||
|
||
OAuth 1.0a authentication for API resources is also supported. Generally, StatusNet's
|
||
UI and API are similar to Twitter's for OAuth applications (if you're new to OAuth
|
||
check out [Beginner’s Guide to OAuth](http://hueniverse.com/oauth/)).
|
||
|
||
To use OAuth, you'll need to register your client application via the web interface
|
||
and obtain a consumer key and secret. You can find the interface for application
|
||
registration at [http://%%site.server%%/%%site.path%%settings/oauthapps](http://%%site.server%%/%%site.path%%settings/oauthapps).
|
||
|
||
## JSONP callbacks
|
||
|
||
For API methods that return [JSON](https://en.wikipedia.org/wiki/JSON), an optional
|
||
JSONP-style callback parameter is supported. If supplied, the response will be in
|
||
JSONP format with a callback of the given name. To make it easier for clients to
|
||
handle error conditions, HTTP error codes are suppressed, and the errors will be
|
||
returned in the response body when using JSONP.
|
||
|
||
## Rate limiting
|
||
|
||
There is currently no rate-limiting.
|
||
|
||
## Gotchas
|
||
|
||
Some things to remember:
|
||
|
||
* %%site.name%% supports the
|
||
[OStatus federation protocol](https://en.wikipedia.org/wiki/OStatus) (as well as
|
||
[OpenMicroBlogging](https://en.wikipedia.org/wiki/OpenMicroBlogging) for backwards
|
||
compatibility), so many notices and friends' profiles may come from other servers.
|
||
* User nicknames are unique, but they are not globally unique. Use the ID number
|
||
instead.
|
||
* Private streams are not implemented yet.
|
||
* GNU social sites can be configured as private. In that case, all API methods
|
||
require authentication, including the public timeline (see the 'config' method
|
||
below).
|
||
* If "Fancy URLs" are not enabled, urls from above need to include "index.php" at
|
||
the root. ( e.g. http://example.org/statusnet/api becomes http://www.example.org/statusnet/index.php/api )
|
||
* The `since_id` parameter does not work as documented by Twitter. Twitter says of
|
||
`since_id`: "There are limits to the number of Tweets which can be accessed
|
||
through the API. If the limit of Tweets has occured since the `since_id`, the
|
||
`since_id` will be forced to the oldest ID available." However, GNU social will
|
||
return the newest notices (or the newest back from max_id, if present)! Also, a
|
||
`since_id` <= 0 will be ignored.
|
||
|
||
## Timeline resources
|
||
|
||
### statuses/public_timeline
|
||
|
||
Returns the 20 most recent notices, including repeats if they exist, from
|
||
non-protected users.
|
||
|
||
### statuses/home_timeline
|
||
|
||
Returns the 20 most recent notices, including repeats if they exist, posted by the
|
||
authenticating user and the users they follow. This is the same timeline seen by a
|
||
user when they login to their instance. This method is identical to
|
||
statuses/friends_timeline, except that this method always includes repeats.
|
||
|
||
### statuses/friends_timeline
|
||
|
||
Alias of statuses/home_timeline
|
||
|
||
### statuses/friends_timeline/:username
|
||
|
||
Alias of statuses/home_timeline for the specified username
|
||
|
||
### statuses/mentions
|
||
|
||
Returns the 20 most recent mentions (notices containing @username) for the
|
||
authenticating user.
|
||
|
||
This method will not include repeats in the XML and JSON responses unless the
|
||
include_rts parameter is set. The RSS and Atom responses will always include repeats
|
||
as notices prefixed with RT.
|
||
|
||
### statuses/replies
|
||
|
||
Alias of statuses/mentions
|
||
|
||
### statuses/replies/:username
|
||
|
||
Alias of statuses/mentions for the specified username
|
||
|
||
### statuses/user_timeline
|
||
|
||
Returns the 20 most recent notices posted by the authenticating user. It is also
|
||
possible to request another user's timeline by using the screen\_name or user_id
|
||
parameter. The other users timeline will only be visible if they are not protected,
|
||
or if the authenticating user's follow request was accepted by the protected user.
|
||
|
||
This method will not include repeats in the XML and JSON responses unless the
|
||
include_rts parameter is set. The RSS and Atom responses will always include
|
||
repeats as notices prefixed with RT, regardless of provided parameters.
|
||
|
||
### statuses/retweeted\_to_me
|
||
|
||
Not implemented.
|
||
|
||
### statuses/retweeted\_by_me
|
||
|
||
Not implemented.
|
||
|
||
### statuses/retweets\_of_me
|
||
|
||
Not implemented.
|
||
|
||
## Status resources
|
||
|
||
### statuses/show/:id
|
||
|
||
Returns a single notice, specified by the id parameter. The notice's author will be
|
||
returned inline.
|
||
|
||
### statuses/update
|
||
|
||
Post a new notice as the authenticating user.
|
||
|
||
Additional 'media' parameter allows binary multimedia uploads (images, etc.). Format
|
||
post data as multipart/form-data when using the 'media' parameter.
|
||
|
||
### statuses/destroy/:id
|
||
|
||
Destroys the notice specified by the required ID parameter. The authenticating user
|
||
must be the author of the specified notice. Returns the destroyed notice if successful.
|
||
|
||
### statuses/retweet/:id
|
||
|
||
Repeats a notice. Returns the original notice with repeat details embedded.
|
||
|
||
## User resources
|
||
|
||
### statuses/friends
|
||
|
||
Returns the user's subscriptions (friends) as an array of profiles.
|
||
|
||
### statuses/followers
|
||
|
||
Returns the user's subscribers (followers) as an array of profiles.
|
||
|
||
### users/show
|
||
|
||
Returns extended information of a given user, specified by ID or screen name as per
|
||
the required id parameter.
|
||
|
||
## Direct message resources
|
||
|
||
### direct_messages
|
||
|
||
Returns the 20 most recent direct messages sent to the authenticating user. The XML
|
||
and JSON versions include detailed information about the sender and recipient user.
|
||
|
||
### direct_messages/sent
|
||
|
||
Returns the 20 most recent direct messages sent by the authenticating user. The XML
|
||
and JSON versions include detailed information about the sender and recipient user.
|
||
|
||
### direct_messages/new
|
||
|
||
Sends a new direct message to the specified user from the authenticating user.
|
||
Requires both the user and text parameters and must be a POST. Returns the sent
|
||
message in the requested format if successful.
|
||
|
||
### direct_messages/destroy
|
||
|
||
Not implemented.
|
||
|
||
## Friendships resources
|
||
|
||
### friendships/create
|
||
|
||
Allows the authenticating users to follow the user specified in the ID parameter.
|
||
Returns the befriended user in the requested format when successful. Returns a
|
||
string describing the failure condition when unsuccessful.
|
||
|
||
If you are already friends with the user a HTTP 403 may be returned, though for
|
||
performance reasons you may get a 200 OK message even if the friendship already
|
||
exists.
|
||
|
||
Note that users cannot subscribe to remote profiles using this API.
|
||
|
||
### friendships/destroy
|
||
|
||
Allows the authenticating users to unfollow the user specified in the ID parameter.
|
||
Returns the unfollowed user in the requested format when successful. Returns a
|
||
string describing the failure condition when unsuccessful.
|
||
|
||
Users can unsubscribe to a remote profile using this API, but it's preferred to use
|
||
numeric IDs to nicknames.
|
||
|
||
### friendships/exists
|
||
|
||
Test for the existence of friendship between two users. Will return true if user\_a
|
||
follows user_b, otherwise will return false. Authentication is required if either
|
||
user A or user B are protected. Additionally the authenticating user must be a
|
||
follower of the protected user.
|
||
|
||
### friendships/show
|
||
|
||
Returns detailed information about the relationship between two users.
|
||
|
||
## Friends and subscribers resources
|
||
|
||
### friends/ids
|
||
|
||
Returns an array of numeric IDs for every user the specified user is subscribed to.
|
||
This method is powerful when used in conjunction with users/lookup.
|
||
|
||
### followers/ids
|
||
|
||
Returns an array of numeric IDs for every user subscsribed to the specified user.
|
||
This method is powerful when used in conjunction with users/lookup.
|
||
|
||
## Account resources
|
||
|
||
### account/verify_credentials
|
||
|
||
Returns an HTTP 200 OK response code and a representation of the requesting user if
|
||
authentication was successful; returns a 401 status code and an error message if
|
||
not. Use this method to test if supplied user credentials are valid.
|
||
|
||
### account/end_session
|
||
|
||
Not implemented.
|
||
|
||
### account/update\_delivery_device
|
||
|
||
Not implemented.
|
||
|
||
### account/rate\_limit_status
|
||
|
||
Returns the remaining number of API requests available to the requesting user before
|
||
the API limit is reached.
|
||
|
||
We have no rate limit, so this always returns 150 hits left.
|
||
|
||
### account/update\_profile\_background_image
|
||
|
||
Updates the authenticating user's profile background image. This method can also be
|
||
used to enable or disable the profile background image.
|
||
|
||
### account/update\_profile_image
|
||
|
||
Updates the authenticating user's profile image. Note that this method expects raw
|
||
multipart data, not a URL to an image.
|
||
|
||
## Favorite resources
|
||
|
||
### favorites
|
||
|
||
Returns the 20 most recent favorite statuses for the authenticating or specified
|
||
user in the requested format.
|
||
|
||
### favorites/create/:id
|
||
|
||
Favorites the status specified in the ID parameter as the authenticating user.
|
||
Returns the favorite status when successful.
|
||
|
||
### favorites/destroy/:id
|
||
|
||
Un-favorites the status specified in the ID parameter as the authenticating user.
|
||
Returns the un-favorited status in the requested format when successful.
|
||
|
||
## Notification resources
|
||
|
||
### notifications/follow
|
||
|
||
Not implemented.
|
||
|
||
### notifications/leave
|
||
|
||
Not implemented.
|
||
|
||
## Block resources
|
||
|
||
### blocks/create
|
||
|
||
Blocks the specified user from following the authenticating user. In addition the
|
||
blocked user will not show in the authenticating users mentions or timeline (unless
|
||
retweeted by another user). If a follow or friend relationship exists it is
|
||
destroyed.
|
||
|
||
### blocks/destroy
|
||
|
||
Un-blocks the user specified in the ID parameter for the authenticating user.
|
||
Returns the un-blocked user in the requested format when successful. If
|
||
relationships existed before the block was instated, they will not be restored.
|
||
|
||
### blocks/exists
|
||
|
||
Not implemented.
|
||
|
||
### blocks/blocking
|
||
|
||
Not implemented.
|
||
|
||
## Help resources
|
||
|
||
### help/test
|
||
|
||
Returns the string "ok" in the requested format with a 200 OK HTTP status code. This
|
||
method is great for sending a HEAD request to determine our servers current time.
|
||
|
||
## OAuth resources
|
||
|
||
It is strongly recommended you use HTTPS for all OAuth authorization steps.
|
||
|
||
### oauth/request_token
|
||
|
||
Allows a Consumer application to obtain an OAuth Request Token to request user
|
||
authorization. This method fulfills Section 6.1 of the OAuth 1.0 authentication
|
||
flow. It is strongly recommended you use HTTPS for all OAuth authorization steps.
|
||
|
||
### oauth/authorize
|
||
|
||
Allows a Consumer application to use an OAuth Request Token to request user
|
||
authorization. This method fulfills Section 6.2 of the OAuth 1.0 authentication
|
||
flow. Desktop applications must use this method (and cannot use GET oauth/authenticate).
|
||
|
||
### oauth/access_token
|
||
|
||
Allows a Consumer application to exchange the OAuth Request Token for an OAuth
|
||
Access Token. This method fulfills Section 6.3 of the OAuth 1.0 authentication flow.
|
||
The OAuth access token may also be used for xAuth operations.
|
||
|
||
## Search
|
||
|
||
The search method supports the following optional URL parameters:
|
||
|
||
* **callback**: if supplied when using the JSON format, the response will use the
|
||
JSONP format with a callback of the given name.
|
||
* **rpp**: the number of notices to return per page, up to a max of 100.
|
||
* **page**: the page number (starting at 1) to return.
|
||
* **since_id:**: returns notices with ids greater than the given id.
|
||
|
||
Note:
|
||
|
||
* The search does not support operators, such as "from:", "to:" and booleans.
|
||
* Notice content is HTML-encoded.
|
||
|
||
### search
|
||
|
||
Returns relevant notices that match a specified query.
|
||
|
||
### Atom
|
||
|
||
To request search results in Atom, append your URL-encoded query as a parameter to
|
||
the search method and specify the Atom format:
|
||
|
||
`%%site.server%%/%%site.path%%api/search.atom?q=<query>`
|
||
|
||
### JSON
|
||
|
||
To request search results in JSON, append your URL-encoded query as a parameter to
|
||
the search method and specify the JSON format:
|
||
|
||
`%%site.server%%/%%site.path%%api/search.json?q=<query>`
|
||
|
||
## Additional resources
|
||
|
||
These are extensions to the Twitter API that expose additional functionality.
|
||
|
||
### Group resources
|
||
|
||
#### statusnet/groups/timeline
|
||
|
||
Shows a group's timeline. Similar to other timeline resources.
|
||
|
||
#### statusnet/groups/show
|
||
|
||
Show a groups profile.
|
||
|
||
#### statusnet/groups/create
|
||
|
||
Create a new group.
|
||
|
||
#### statusnet/groups/join
|
||
|
||
Join a group.
|
||
|
||
#### statusnet/groups/leave
|
||
|
||
Leave a group.
|
||
|
||
#### statusnet/groups/list
|
||
|
||
Show the groups a given user is a member of.
|
||
|
||
#### statusnet/groups/list_all
|
||
|
||
List all local groups.
|
||
|
||
#### statusnet/groups/membership
|
||
|
||
List the members of a given group.
|
||
|
||
#### statusnet/groups/is_member
|
||
|
||
Determine whether a given user is a member of a given group.
|
||
|
||
### Tag resources
|
||
|
||
#### statusnet/tags/timeline
|
||
|
||
Shows a tag's timeline. Similar to other timeline resources.
|
||
|
||
### Media resources
|
||
|
||
#### statusnet/media/upload
|
||
|
||
Endpoint for uploading an image. Returns a URL that can be used in a status update.
|
||
Format post data as multipart/form-data.
|
||
|
||
### Configuration
|
||
|
||
#### statusnet/config
|
||
|
||
Show an instance's configuration information.
|
||
|
||
Of special note is the `<private>` element (config/site/private), which indicates
|
||
whether a site is private. When a site is configured as private every other API
|
||
method requires authentication, including the public timeline (`/api/statuses/public_timeline.format`).
|