## Authentication

### HTTP Basic authentication

The API uses [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication).
Note that this means that users with only an OpenID login cannot use the API; they have to add a
password to their account using the control panel on the site.

### OAuth authentication

OAuth 1.0a authentication for API resources is also supported. Generally, StatusNet's
UI and API are similar to Twitter's for OAuth applications (if you're new to OAuth
check out [Beginner’s Guide to OAuth](http://hueniverse.com/oauth/)).

To use OAuth, you'll need to register your client application via the web interface
and obtain a consumer key and secret. You can find the interface for application
registration at [http://%%site.server%%/%%site.path%%settings/oauthapps](http://%%site.server%%/%%site.path%%settings/oauthapps).

## JSONP callbacks

For API methods that return [JSON](https://en.wikipedia.org/wiki/JSON), an optional
JSONP-style callback parameter is supported. If supplied, the response will be in
JSONP format with a callback of the given name. To make it easier for clients to
handle error conditions, HTTP error codes are suppressed, and the errors will be
returned in the response body when using JSONP.
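
Because the status code no longer signals failure under JSONP, a client has to look inside the body. The following is an added example, not code from GNU social: it unwraps a JSONP response as data instead of executing it, and it assumes that an error arrives as a JSON object with an `error` member (the page does not specify the shape). The names `unwrap_jsonp`, `ApiError` and the sample bodies are constructed for illustration.

```python
import json
import re

# Plain identifiers only, so the name is safe to place in a URL and a script.
CALLBACK_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")

class ApiError(Exception):
    """The body carried an error even though the HTTP status said success."""

def unwrap_jsonp(body: str, callback: str):
    """Return the JSON payload of a JSONP response without executing it."""
    if not CALLBACK_NAME.fullmatch(callback):
        raise ValueError("callback must be a plain identifier")
    text = body.strip()
    if text.endswith(";"):
        text = text[:-1].rstrip()
    prefix = callback + "("
    if not (text.startswith(prefix) and text.endswith(")")):
        raise ValueError("body is not wrapped in the requested callback")
    payload = json.loads(text[len(prefix):-1])   # rejects anything but JSON
    # Assumed error shape: an object with an "error" member. With JSONP the
    # status code is not a failure signal, so the body has to be inspected.
    if isinstance(payload, dict) and "error" in payload:
        raise ApiError(str(payload["error"]))
    return payload

# Constructed sample bodies, both as if delivered with HTTP 200.
OK_BODY = 'gotNotices([{"id": 42, "text": "hello &amp; welcome"}]);'
ERR_BODY = ('gotNotices({"error": "Not authorized.", '
            '"request": "/api/statuses/home_timeline.json"})')

def demo():
    notices = unwrap_jsonp(OK_BODY, "gotNotices")
    try:
        unwrap_jsonp(ERR_BODY, "gotNotices")
        failed = None
    except ApiError as exc:
        failed = str(exc)
    return notices, failed
```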

## Rate limiting

There is currently no rate-limiting.

## Gotchas

Some things to remember:

* %%site.name%% supports the
  [OStatus federation protocol](https://en.wikipedia.org/wiki/OStatus) (as well as
  [OpenMicroBlogging](https://en.wikipedia.org/wiki/OpenMicroBlogging) for backwards
  compatibility), so many notices and friends' profiles may come from other servers.
* User nicknames are unique, but they are not globally unique. Use the ID number
  instead.
* Private streams are not implemented yet.
* GNU social sites can be configured as private. In that case, all API methods
  require authentication, including the public timeline (see the 'config' method
  below).
* If "Fancy URLs" are not enabled, URLs from above need to include "index.php" at
  the root (e.g. http://example.org/statusnet/api becomes http://www.example.org/statusnet/index.php/api).
* The `since_id` parameter does not work as documented by Twitter. Twitter says of
  `since_id`: "There are limits to the number of Tweets which can be accessed
  through the API. If the limit of Tweets has occurred since the `since_id`, the
  `since_id` will be forced to the oldest ID available." However, GNU social will
  return the newest notices (or the newest back from max_id, if present)! Also, a
  `since_id` <= 0 will be ignored.
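
The `since_id` behaviour above means a single request can silently leave a gap between `since_id` and the oldest notice on the returned page. The following is an added example, not code from GNU social, showing how a client can close that gap by paging backwards with `max_id`. `fetch_page` is a hypothetical wrapper around one timeline request, and `fake_timeline` is a constructed stand-in for the server that returns only the newest 20 matching notices.

```python
from typing import Callable, Dict, List, Optional

Notice = Dict[str, int]
FetchPage = Callable[[Optional[int], Optional[int]], List[Notice]]

def fetch_since(fetch_page: FetchPage, since_id: int,
                max_pages: int = 50) -> List[Notice]:
    """Return every notice with id > since_id, newest first.

    fetch_page(since_id, max_id) is a hypothetical wrapper around one
    timeline request that returns a single page, newest first.
    """
    since_id = max(since_id, 0)      # the server ignores since_id <= 0 anyway
    seen: Dict[int, Notice] = {}
    max_id: Optional[int] = None
    for _ in range(max_pages):       # client-side cap; the API has no rate limit
        page = fetch_page(since_id or None, max_id)
        fresh = [n for n in page
                 if n["id"] > since_id and n["id"] not in seen]
        if not fresh:                # caught up with since_id, or history ended
            break
        seen.update((n["id"], n) for n in fresh)
        # Page backwards from the oldest notice collected so far. The
        # de-duplication above keeps this correct whether the server treats
        # max_id as inclusive or exclusive.
        max_id = min(seen)
    return [seen[i] for i in sorted(seen, reverse=True)]

def fake_timeline(ids: List[int], page_size: int = 20,
                  inclusive: bool = True) -> FetchPage:
    """Constructed stand-in for the server: newest page_size notices only."""
    def fetch_page(since_id, max_id):
        pool = sorted(ids, reverse=True)
        if since_id is not None:
            pool = [i for i in pool if i > since_id]
        if max_id is not None:
            pool = [i for i in pool if i <= max_id - (0 if inclusive else 1)]
        return [{"id": i} for i in pool[:page_size]]
    return fetch_page

if __name__ == "__main__":
    server = fake_timeline(list(range(1, 101)))       # constructed ids 1..100
    naive = server(30, None)                          # one request only
    full = fetch_since(server, 30)
    print(len(naive), naive[-1]["id"])                # single page, oldest id on it
    print(len(full), full[-1]["id"])                  # backfilled result
```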

## Timeline resources

### statuses/public_timeline

Returns the 20 most recent notices, including repeats if they exist, from
non-protected users.

### statuses/home_timeline

Returns the 20 most recent notices, including repeats if they exist, posted by the
authenticating user and the users they follow. This is the same timeline seen by a
user when they log in to their instance. This method is identical to
statuses/friends_timeline, except that this method always includes repeats.

### statuses/friends_timeline

Alias of statuses/home_timeline

### statuses/friends_timeline/:username

Alias of statuses/home_timeline for the specified username

### statuses/mentions

Returns the 20 most recent mentions (notices containing @username) for the
authenticating user.

This method will not include repeats in the XML and JSON responses unless the
include_rts parameter is set. The RSS and Atom responses will always include repeats
as notices prefixed with RT.

### statuses/replies

Alias of statuses/mentions

### statuses/replies/:username

Alias of statuses/mentions for the specified username

### statuses/user_timeline

Returns the 20 most recent notices posted by the authenticating user. It is also
possible to request another user's timeline by using the screen\_name or user_id
parameter. The other user's timeline will only be visible if they are not protected,
or if the authenticating user's follow request was accepted by the protected user.

This method will not include repeats in the XML and JSON responses unless the
include_rts parameter is set. The RSS and Atom responses will always include
repeats as notices prefixed with RT, regardless of provided parameters.

### statuses/retweeted\_to_me

Not implemented.

### statuses/retweeted\_by_me

Not implemented.

### statuses/retweets\_of_me

Not implemented.

## Status resources

### statuses/show/:id

Returns a single notice, specified by the id parameter. The notice's author will be
returned inline.

### statuses/update

Post a new notice as the authenticating user.

Additional 'media' parameter allows binary multimedia uploads (images, etc.). Format
post data as multipart/form-data when using the 'media' parameter.

### statuses/destroy/:id

Destroys the notice specified by the required ID parameter. The authenticating user
must be the author of the specified notice. Returns the destroyed notice if successful.

### statuses/retweet/:id

Repeats a notice. Returns the original notice with repeat details embedded.

## User resources

### statuses/friends

Returns the user's subscriptions (friends) as an array of profiles.

### statuses/followers

Returns the user's subscribers (followers) as an array of profiles.

### users/show

Returns extended information of a given user, specified by ID or screen name as per
the required id parameter.

## Direct message resources

### direct_messages

Returns the 20 most recent direct messages sent to the authenticating user. The XML
and JSON versions include detailed information about the sender and recipient user.

### direct_messages/sent

Returns the 20 most recent direct messages sent by the authenticating user. The XML
and JSON versions include detailed information about the sender and recipient user.

### direct_messages/new

Sends a new direct message to the specified user from the authenticating user.
Requires both the user and text parameters and must be a POST. Returns the sent
message in the requested format if successful.

### direct_messages/destroy

Not implemented.

## Friendships resources

### friendships/create

Allows the authenticating user to follow the user specified in the ID parameter.
Returns the befriended user in the requested format when successful. Returns a
string describing the failure condition when unsuccessful.

If you are already friends with the user, an HTTP 403 may be returned, though for
performance reasons you may get a 200 OK message even if the friendship already
exists.

Note that users cannot subscribe to remote profiles using this API.

### friendships/destroy

Allows the authenticating user to unfollow the user specified in the ID parameter.
Returns the unfollowed user in the requested format when successful. Returns a
string describing the failure condition when unsuccessful.

Users can unsubscribe from a remote profile using this API, but numeric IDs are
preferred over nicknames.

### friendships/exists

Test for the existence of friendship between two users. Will return true if user\_a
follows user_b, otherwise will return false. Authentication is required if either
user A or user B is protected. Additionally the authenticating user must be a
follower of the protected user.

### friendships/show

Returns detailed information about the relationship between two users.

## Friends and subscribers resources

### friends/ids

Returns an array of numeric IDs for every user the specified user is subscribed to.
This method is powerful when used in conjunction with users/lookup.

### followers/ids

Returns an array of numeric IDs for every user subscribed to the specified user.
This method is powerful when used in conjunction with users/lookup.

## Account resources

### account/verify_credentials

Returns an HTTP 200 OK response code and a representation of the requesting user if
authentication was successful; returns a 401 status code and an error message if
not. Use this method to test if supplied user credentials are valid.

### account/end_session

Not implemented.

### account/update\_delivery_device

Not implemented.

### account/rate\_limit_status

Returns the remaining number of API requests available to the requesting user before
the API limit is reached.

We have no rate limit, so this always returns 150 hits left.

### account/update\_profile\_background_image

Updates the authenticating user's profile background image. This method can also be
used to enable or disable the profile background image.

### account/update\_profile_image

Updates the authenticating user's profile image. Note that this method expects raw
multipart data, not a URL to an image.

## Favorite resources

### favorites

Returns the 20 most recent favorite statuses for the authenticating or specified
user in the requested format.

### favorites/create/:id

Favorites the status specified in the ID parameter as the authenticating user.
Returns the favorite status when successful.

### favorites/destroy/:id

Un-favorites the status specified in the ID parameter as the authenticating user.
Returns the un-favorited status in the requested format when successful.

## Notification resources

### notifications/follow

Not implemented.

### notifications/leave

Not implemented.

## Block resources

### blocks/create

Blocks the specified user from following the authenticating user. In addition, the
blocked user will not show in the authenticating user's mentions or timeline (unless
retweeted by another user). If a follow or friend relationship exists it is
destroyed.

### blocks/destroy

Un-blocks the user specified in the ID parameter for the authenticating user.
Returns the un-blocked user in the requested format when successful. If
relationships existed before the block was instated, they will not be restored.

### blocks/exists

Not implemented.

### blocks/blocking

Not implemented.

## Help resources

### help/test

Returns the string "ok" in the requested format with a 200 OK HTTP status code. This
method is great for sending a HEAD request to determine our server's current time.

## OAuth resources

It is strongly recommended you use HTTPS for all OAuth authorization steps.

### oauth/request_token

Allows a Consumer application to obtain an OAuth Request Token to request user
authorization. This method fulfills Section 6.1 of the OAuth 1.0 authentication
flow. It is strongly recommended you use HTTPS for all OAuth authorization steps.

### oauth/authorize

Allows a Consumer application to use an OAuth Request Token to request user
authorization. This method fulfills Section 6.2 of the OAuth 1.0 authentication
flow. Desktop applications must use this method (and cannot use GET oauth/authenticate).

### oauth/access_token

Allows a Consumer application to exchange the OAuth Request Token for an OAuth
Access Token. This method fulfills Section 6.3 of the OAuth 1.0 authentication flow.
The OAuth access token may also be used for xAuth operations.

## Search

The search method supports the following optional URL parameters:

* **callback**: if supplied when using the JSON format, the response will use the
  JSONP format with a callback of the given name.
* **rpp**: the number of notices to return per page, up to a max of 100.
* **page**: the page number (starting at 1) to return.
* **since_id**: returns notices with ids greater than the given id.

Note:

* The search does not support operators, such as "from:", "to:" and booleans.
* Notice content is HTML-encoded.

### search

Returns relevant notices that match a specified query.

### Atom

To request search results in Atom, append your URL-encoded query as a parameter to
the search method and specify the Atom format:

`%%site.server%%/%%site.path%%api/search.atom?q=<query>`

### JSON

To request search results in JSON, append your URL-encoded query as a parameter to
the search method and specify the JSON format:

`%%site.server%%/%%site.path%%api/search.json?q=<query>`

## Additional resources

These are extensions to the Twitter API that expose additional functionality.

### Group resources

#### statusnet/groups/timeline

Shows a group's timeline. Similar to other timeline resources.

#### statusnet/groups/show

Show a group's profile.

#### statusnet/groups/create

Create a new group.

#### statusnet/groups/join

Join a group.

#### statusnet/groups/leave

Leave a group.

#### statusnet/groups/list

Show the groups a given user is a member of.

#### statusnet/groups/list_all

List all local groups.

#### statusnet/groups/membership

List the members of a given group.

#### statusnet/groups/is_member

Determine whether a given user is a member of a given group.

### Tag resources

#### statusnet/tags/timeline

Shows a tag's timeline. Similar to other timeline resources.

### Media resources

#### statusnet/media/upload

Endpoint for uploading an image. Returns a URL that can be used in a status update.
Format post data as multipart/form-data.

### Configuration

#### statusnet/config

Show an instance's configuration information.

Of special note is the `<private>` element (config/site/private), which indicates
whether a site is private. When a site is configured as private, every other API
method requires authentication, including the public timeline (`/api/statuses/public_timeline.format`).