gnu-social/doc-src/twitterapi

431 lines
13 KiB
Plaintext
Raw Normal View History

## Authentication
### HTTP Basic authentication
The API uses [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication).
Note that this means that users with only an OpenID login cannot use the API; they have to add a
password to their account using the control panel on the site.
### OAuth authentication
OAuth 1.0a authentication for API resources is also supported. Generally, StatusNet's
UI and API are similar to Twitter's for OAuth applications (if you're new to OAuth
check out [Beginners Guide to OAuth](http://hueniverse.com/oauth/)).
To use OAuth, you'll need to register your client application via the web interface
and obtain a consumer key and secret. You can find the interface for application
2017-05-30 06:55:39 +09:00
registration at [%%action.oauthappssettings%%](%%action.oauthappssettings%%).
## JSONP callbacks
For API methods that return [JSON](https://en.wikipedia.org/wiki/JSON), an optional
JSONP-style callback parameter is supported. If supplied, the response will be in
JSONP format with a callback of the given name. To make it easier for clients to
handle error conditions, HTTP error codes are suppressed, and the errors will be
returned in the response body when using JSONP.
## Rate limiting
There is currently no rate-limiting.
## Gotchas
Some things to remember:
* %%site.name%% supports the
[OStatus federation protocol](https://en.wikipedia.org/wiki/OStatus) (as well as
[OpenMicroBlogging](https://en.wikipedia.org/wiki/OpenMicroBlogging) for backwards
compatibility), so many notices and friends' profiles may come from other servers.
* User nicknames are unique, but they are not globally unique. Use the ID number
instead.
* Private streams are not implemented yet.
* GNU social sites can be configured as private. In that case, all API methods
require authentication, including the public timeline (see the 'config' method
below).
* If "Fancy URLs" are not enabled, urls from above need to include "index.php" at
the root. ( e.g. http://example.org/statusnet/api becomes http://www.example.org/statusnet/index.php/api )
* The `since_id` parameter does not work as documented by Twitter. Twitter says of
`since_id`: "There are limits to the number of Tweets which can be accessed
through the API. If the limit of Tweets has occured since the `since_id`, the
`since_id` will be forced to the oldest ID available." However, GNU social will
return the newest notices (or the newest back from max_id, if present)! Also, a
`since_id` <= 0 will be ignored.
## Timeline resources
### statuses/public_timeline
Returns the 20 most recent notices, including repeats if they exist, from
non-protected users.
### statuses/home_timeline
Returns the 20 most recent notices, including repeats if they exist, posted by the
authenticating user and the users they follow. This is the same timeline seen by a
user when they login to their instance. This method is identical to
statuses/friends_timeline, except that this method always includes repeats.
### statuses/friends_timeline
Alias of statuses/home_timeline
### statuses/friends_timeline/:username
Alias of statuses/home_timeline for the specified username
### statuses/mentions
Returns the 20 most recent mentions (notices containing @username) for the
authenticating user.
This method will not include repeats in the XML and JSON responses unless the
include_rts parameter is set. The RSS and Atom responses will always include repeats
as notices prefixed with RT.
### statuses/replies
Alias of statuses/mentions
### statuses/replies/:username
Alias of statuses/mentions for the specified username
### statuses/user_timeline
Returns the 20 most recent notices posted by the authenticating user. It is also
possible to request another user's timeline by using the screen\_name or user_id
parameter. The other users timeline will only be visible if they are not protected,
or if the authenticating user's follow request was accepted by the protected user.
This method will not include repeats in the XML and JSON responses unless the
include_rts parameter is set. The RSS and Atom responses will always include
repeats as notices prefixed with RT, regardless of provided parameters.
### statuses/retweeted\_to_me
Not implemented.
### statuses/retweeted\_by_me
Not implemented.
### statuses/retweets\_of_me
Not implemented.
## Status resources
### statuses/show/:id
Returns a single notice, specified by the id parameter. The notice's author will be
returned inline.
### statuses/update
Post a new notice as the authenticating user.
Additional 'media' parameter allows binary multimedia uploads (images, etc.). Format
post data as multipart/form-data when using the 'media' parameter.
### statuses/destroy/:id
Destroys the notice specified by the required ID parameter. The authenticating user
must be the author of the specified notice. Returns the destroyed notice if successful.
### statuses/retweet/:id
Repeats a notice. Returns the original notice with repeat details embedded.
## User resources
### statuses/friends
Returns the user's subscriptions (friends) as an array of profiles.
### statuses/followers
Returns the user's subscribers (followers) as an array of profiles.
### users/show
Returns extended information of a given user, specified by ID or screen name as per
the required id parameter.
## Direct message resources
### direct_messages
Returns the 20 most recent direct messages sent to the authenticating user. The XML
and JSON versions include detailed information about the sender and recipient user.
### direct_messages/sent
Returns the 20 most recent direct messages sent by the authenticating user. The XML
and JSON versions include detailed information about the sender and recipient user.
### direct_messages/new
Sends a new direct message to the specified user from the authenticating user.
Requires both the user and text parameters and must be a POST. Returns the sent
message in the requested format if successful.
### direct_messages/destroy
Not implemented.
## Friendships resources
### friendships/create
Allows the authenticating users to follow the user specified in the ID parameter.
Returns the befriended user in the requested format when successful. Returns a
string describing the failure condition when unsuccessful.
If you are already friends with the user a HTTP 403 may be returned, though for
performance reasons you may get a 200 OK message even if the friendship already
exists.
Note that users cannot subscribe to remote profiles using this API.
### friendships/destroy
Allows the authenticating users to unfollow the user specified in the ID parameter.
Returns the unfollowed user in the requested format when successful. Returns a
string describing the failure condition when unsuccessful.
Users can unsubscribe to a remote profile using this API, but it's preferred to use
numeric IDs to nicknames.
### friendships/exists
Test for the existence of friendship between two users. Will return true if user\_a
follows user_b, otherwise will return false. Authentication is required if either
user A or user B are protected. Additionally the authenticating user must be a
follower of the protected user.
### friendships/show
Returns detailed information about the relationship between two users.
## Friends and subscribers resources
### friends/ids
Returns an array of numeric IDs for every user the specified user is subscribed to.
This method is powerful when used in conjunction with users/lookup.
### followers/ids
Returns an array of numeric IDs for every user subscsribed to the specified user.
This method is powerful when used in conjunction with users/lookup.
## Account resources
### account/verify_credentials
Returns an HTTP 200 OK response code and a representation of the requesting user if
authentication was successful; returns a 401 status code and an error message if
not. Use this method to test if supplied user credentials are valid.
### account/end_session
Not implemented.
### account/update\_delivery_device
Not implemented.
### account/rate\_limit_status
Returns the remaining number of API requests available to the requesting user before
the API limit is reached.
We have no rate limit, so this always returns 150 hits left.
### account/update\_profile\_background_image
Updates the authenticating user's profile background image. This method can also be
used to enable or disable the profile background image.
### account/update\_profile_image
Updates the authenticating user's profile image. Note that this method expects raw
multipart data, not a URL to an image.
## Favorite resources
### favorites
Returns the 20 most recent favorite statuses for the authenticating or specified
user in the requested format.
### favorites/create/:id
Favorites the status specified in the ID parameter as the authenticating user.
Returns the favorite status when successful.
### favorites/destroy/:id
Un-favorites the status specified in the ID parameter as the authenticating user.
Returns the un-favorited status in the requested format when successful.
## Notification resources
### notifications/follow
Not implemented.
### notifications/leave
Not implemented.
## Block resources
### blocks/create
Blocks the specified user from following the authenticating user. In addition the
blocked user will not show in the authenticating users mentions or timeline (unless
retweeted by another user). If a follow or friend relationship exists it is
destroyed.
### blocks/destroy
Un-blocks the user specified in the ID parameter for the authenticating user.
Returns the un-blocked user in the requested format when successful. If
relationships existed before the block was instated, they will not be restored.
### blocks/exists
Not implemented.
### blocks/blocking
Not implemented.
## Help resources
### help/test
Returns the string "ok" in the requested format with a 200 OK HTTP status code. This
method is great for sending a HEAD request to determine our servers current time.
## OAuth resources
It is strongly recommended you use HTTPS for all OAuth authorization steps.
### oauth/request_token
Allows a Consumer application to obtain an OAuth Request Token to request user
authorization. This method fulfills Section 6.1 of the OAuth 1.0 authentication
flow. It is strongly recommended you use HTTPS for all OAuth authorization steps.
### oauth/authorize
Allows a Consumer application to use an OAuth Request Token to request user
authorization. This method fulfills Section 6.2 of the OAuth 1.0 authentication
flow. Desktop applications must use this method (and cannot use GET oauth/authenticate).
### oauth/access_token
Allows a Consumer application to exchange the OAuth Request Token for an OAuth
Access Token. This method fulfills Section 6.3 of the OAuth 1.0 authentication flow.
The OAuth access token may also be used for xAuth operations.
## Search
The search method supports the following optional URL parameters:
* **callback**: if supplied when using the JSON format, the response will use the
JSONP format with a callback of the given name.
* **rpp**: the number of notices to return per page, up to a max of 100.
* **page**: the page number (starting at 1) to return.
* **since_id:**: returns notices with ids greater than the given id.
Note:
* The search does not support operators, such as "from:", "to:" and booleans.
* Notice content is HTML-encoded.
### search
Returns relevant notices that match a specified query.
### Atom
To request search results in Atom, append your URL-encoded query as a parameter to
the search method and specify the Atom format:
`%%site.server%%/%%site.path%%api/search.atom?q=<query>`
### JSON
To request search results in JSON, append your URL-encoded query as a parameter to
the search method and specify the JSON format:
`%%site.server%%/%%site.path%%api/search.json?q=<query>`
## Additional resources
These are extensions to the Twitter API that expose additional functionality.
### Group resources
#### statusnet/groups/timeline
Shows a group's timeline. Similar to other timeline resources.
#### statusnet/groups/show
Show a groups profile.
#### statusnet/groups/create
Create a new group.
#### statusnet/groups/join
Join a group.
#### statusnet/groups/leave
Leave a group.
#### statusnet/groups/list
Show the groups a given user is a member of.
#### statusnet/groups/list_all
List all local groups.
#### statusnet/groups/membership
List the members of a given group.
#### statusnet/groups/is_member
Determine whether a given user is a member of a given group.
### Tag resources
#### statusnet/tags/timeline
Shows a tag's timeline. Similar to other timeline resources.
### Media resources
#### statusnet/media/upload
Endpoint for uploading an image. Returns a URL that can be used in a status update.
Format post data as multipart/form-data.
### Configuration
#### statusnet/config
Show an instance's configuration information.
Of special note is the `<private>` element (config/site/private), which indicates
whether a site is private. When a site is configured as private every other API
method requires authentication, including the public timeline (`/api/statuses/public_timeline.format`).