PHP+CMS+网站 · 2020年11月15号 0

IPS:REST API Documentation

原文地址

Introduction

IPS4 provides an extensive REST API to provide a way to consume and create data for third-party applications and websites. Examples of things you can do include creating new topics, registering new members, updating member information, creating Commerce orders and much more besides.

Each IPS4 community provides its own instance of the API. This means that if you’re building an app that community administrators can enable in their community, each community needs to create an API key for your integration to use, and REST requests are sent directly to that community – and not to a central API location operated by us.

Authorization

There are two ways to authenticate requests to the REST API: using an API key (all versions), or using OAuth (4.3 and above).

When using an API key, all data is available and all actions can be performed. For example, if you send an API request to GET /forums/topics, every topic in the community will be in the results; if you send an API request to POST /forums/topics you can create a topic as any user on the community. It is therefore very important that you always keep the API Keys secret, and only grant access to the endpoints you intend to use.

Unlike with API keys, when accessing the REST API with OAuth, you will be providing an access token which has been granted to a specific user* and only data that user can see, and actions that user can perform are available. For example, if you send an API request to GET /forums/topics, only topics in forums that the authenticated user can see will be in the results; if you send an API request to POST /forums/topics the topic will be created as the authenticated user and that cannot be changed.

Some endpoints are only available when using one method or the other. For example, GET /core/me gets information about the authenticated user and so can only be used when authenticated with OAuth. Meanwhile, POST /forums/forums creates a forum, which is exclusively a site-level operation and so can only be used when authenticated with an API Key*. Some endpoints, while available to both methods, might accept different request parameters or have different response parameters for different methods which will be explained in the documentation.

* If you are familiar with OAuth and prefer using it for authentication to API Keys, you can also authenticate with Client Credentials which will work similarly to using an API Key, giving full access to the API rather than as a specific user.

Using an API Key (Easy)

The community administrator can generate API keys in AdminCP → System → REST & OAuth → API Keys. Each API Key will need to be configured to which endpoints it can access.

The way to provide the API key in your request depends on the server on which the community is running. The recommended approach is HTTP Basic Auth. Send your API key as the username, with no password. For example:

<?php
      $communityUrl = 'https://www.example.com/ips4/';
      $apiKey = 'c7a349a1629f02cd2855a58d77646f6d';
      $endpoint = '/core/hello';

      $curl = curl_init( $communityUrl . 'api' . $endpoint );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
          CURLOPT_HTTPAUTH	=> CURLAUTH_BASIC,
          CURLOPT_USERPWD		=> "{$apiKey}:"
      ) );
      $response = curl_exec( $curl );

If PHP is running as a CGI module (which can be confirmed by checking the phpinfo output for your server), then your server may not be able to see the Authorization header. From Invision Community 4.5 and above you may be able to send a X-Authorization header with the same base64-encoded credentials, or otherwise you will need to authorize your requests by sending your API key as the key parameter in the request. For example:

<?php
      $communityUrl = 'https://www.example.com/ips4/';
      $apiKey = 'c7a349a1629f02cd2855a58d77646f6d';
      $endpoint = '/core/hello';
      
      /* Try this approach first (requires Invision Community 4.5 or higher) */
      $curl = curl_init( $communityUrl . 'api' . $endpoint );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
          CURLOPT_HTTPHEADER		=> array( 'X-Authorization: ' . base64_encode( "{$accessToken}:" ) ),
      ) );
      $response = curl_exec( $curl );
      
      /* OR, if that doesn't work, use this approach */
      $curl = curl_init( $communityUrl . 'api' . $endpoint . '?key=' . $apiKey );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
      ) );
      $response = curl_exec( $curl );

Using OAuth (Advanced)

You will need to be familiar with the basic concepts OAuth before you begin. A good resource is OAuth 2 Simplified. The community administrator can create OAuth clients in AdminCP → System → REST & OAuth → OAuth Clients.

Just like with API Keys, the client will need to be configured to which endpoints it can access, however with OAuth, the different endpoints are tied to scopes. For example, you might set up one scope which allows access to the GET /core/me endpoint to get basic information about the authenticated user, and a separate scope which allows access to the POST /forums/topics which allows topics to be posted. The scopes you set up and which endpoints they can access will depend on how you intend the API.

You then will obtain an access token using whichever OAuth grant type you want (usually with an authorization code grant involving redirecting the user) and send that in requests in the Authorization header. For example:

<?php
      $communityUrl = 'https://www.example.com/ips4/';
      $accessToken = 'c7a349a1629f02cd2855a58d77646f6d';
      $endpoint = '/core/hello';

      $curl = curl_init( $communityUrl . 'api' . $endpoint );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
          CURLOPT_HTTPHEADER	=> array( "Authorization: Bearer {$accessToken}" ),
      ) );
      $response = curl_exec( $curl );

In Invision Community OAuth clients Client Identifiers are 32 characters long, Client Secrets are 48 characters long, Authorization Codes are 64 characters long, and Access Tokens are 97 characters long.

Parameters

For all GET requests, provide parameters in the query string. For PUT and POST requests, all parameters should be sent Form URL Encoded in the body.

Response

Responses from the API are always JSON-encoded.

Error Handling

When an error is encountered, you will receive a response like this:

{
          "errorCode": "3S290\/7",
          "errorMessage": "INVALID_API_KEY"
      }

The possible error codes/messages for each endpoint are detailed within this documentation reference. In addition to the endpoint-specific errors, the following global errors may also be returned:

Code Message Description
1S290/A or 1S290/C IP_ADDRESS_BANNED The IP address that is sending the request has been banned from the community. This may happen automatically if the IP Address has repeatedly sent many requests with invalid API keys.
1S290/D TOO_MANY_REQUESTS_WITH_BAD_KEY The IP address that is sending the request has sent multiple requests with an invalid API key and so is prevented from sending any more requests for several minutes.
2S290/6 NO_API_KEY No API key or OAuth access token was sent in the request.
2S290/8 IP_ADDRESS_NOT_ALLOWED The API key was valid, but is configured to only be valid for requests coming from certain IP addresses and IP address the request was sent from is not in the allowed list.
2S290/B CANNOT_USE_KEY_AS_URL_PARAM The API key was valid, but it is not configured to be used as URL authentication and must be used in AUTHORIZATION headers.
3S290/7 INVALID_API_KEY The API key sent in the request is not valid.
2S290/9 INVALID_LANGUAGE An X-IPS-Language header was sent in the request (which can be used to specify a language ID for the response), but its value was not valid.
3S290/3 INVALID_APP The endpoint the request was sent to does not exist (the first level contains an invalid character, only alphanumerics are acceptable).
3S290/4 INVALID_CONTROLLER The endpoint the request was sent to does not exist (the second level contains an invalid character, only alphanumerics are acceptable).
2S290/1 INVALID_APP The endpoint the request was sent to does not exist (the first level does not exist).
1S290/2 APP_DISABLED The application which controls the endpoint the request was sent to is currently disabled.
2S290/5 INVALID_CONTROLLER The endpoint the request was sent to does not exist (the second level does not exist).
2S291/1 NO_ENDPOINT The endpoint the request was sent to does not exist (the URL contains too many levels).
2S291/3 NO_PERMISSION The API key does not have permission to access the requested endpoint.
3S291/2 BAD_METHOD The endpoint the request was sent to does not exist – the HTTP request method may be incorrect (for example, sending a GET rather than a POST).
3S290/9 INVALID_ACCESS_TOKEN The OAuth access token sent in the request is not valid.
1S290/E EXPIRED_ACCESS_TOKEN The OAuth access token sent in the request was valid but has expired.
3S290/B NO_SCOPES The OAuth access token has not been authorised to access any scopes.

Sample Code

Here is a simple code snippet showing a call to the /core/hello endpoint.

<?php
      $communityUrl = 'http://www.example.com/ips4/';
      $apiKey = 'c7a349a1629f02cd2855a58d77646f6d';

      $curl = curl_init( $communityUrl . 'api/core/hello' );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
          CURLOPT_HTTPAUTH	=> CURLAUTH_BASIC,
          CURLOPT_USERPWD		=> "{$apiKey}:"
      ) );
      $response = curl_exec( $curl );

      echo $response;

A successful response will look like this:

{
      "communityName": "IPS Community Suite",
      "communityUrl": "http:\/\/localhost:8888\/ips4\/",
      "ipsVersion": "4.1.6"
      }

中文汉化:

介绍

IPS4 提供了广泛的 REST API,为第三方应用程序和网站提供了一种使用和创建数据的方法。您可以执行的一些示例包括创建新主题、注册新成员、更新成员信息、创建商务订单等等。

每个 IPS4 社区都提供自己的 API 实例。这意味着,如果您正在构建社区管理员可以在其社区中启用的应用,则每个社区都需要创建 API 密钥供集成使用,并且 REST 请求将直接发送到该社区,而不是发送到我们操作的中心 API位置。

 

授权

对 REST API 的请求进行身份验证有两种方法:使用 API 密钥(所有版本)或使用 OAuth(4.3 及以上)。

使用 API 密钥时,所有数据都可用,并且可以执行所有操作。例如,如果向 发送 API 请求,则社区中的每个主题都将在结果中;如果您向社区上的任何用户发送 API请求,可以创建主题。因此,始终对 API 密钥保密,并且只授予要使用的终结点的访问权限,这一点非常重要。GET /forums/topicsPOST /forums/topics

与 API 密钥不同,使用 OAuth 访问 REST API 时,您将提供已授予特定用户* 的访问令牌*,并且只有用户可以看到的数据以及用户可以执行的操作可用。例如,如果将 API 请求发送到 ,则只有经过身份验证的用户可以看到的论坛中的主题才能在结果中显示;如果将 API 请求发送到 ,则只有经过身份验证的用户可以看到的主题才能在 结果中显示。如果您向主题发送 API 请求,则主题将创建为经过身份验证的用户,并且无法更改。GET /forums/topicsPOST /forums/topics

某些终结点仅在使用一种方法时可用。例如,获取有关经过身份验证的用户的信息,因此只能在使用 OAuth 进行身份验证时使用。同时,创建一个论坛,该论坛仅是站点级操作,因此只能在使用 API Key* 进行身份验证时使用。某些终结点虽然对两种方法都可用,但可能会接受不同的请求参数,或者对于不同方法具有不同的响应参数,这将在文档中解释。GET /core/mePOST /forums/forums

* 如果您熟悉 OAuth,并且更喜欢使用它进行身份验证到 API 密钥,也可以使用客户端凭据进行身份验证,该凭据的工作方式与使用 API 密钥类似,从而获得对 API 的完全访问权限,而不是作为特定用户进行身份验证。

使用 API 密钥(简单)

社区管理员可以在管理员、管理员、→、→和 OAuth →中生成 API 密钥。每个 API 密钥都需要配置为可以访问哪些终结点。

在请求中提供 API 密钥的方式取决于运行社区的服务器。推荐的方法是 Http 基本身份验证。将您的 API 密钥作为用户名发送,没有密码。例如:

<?php
      $communityUrl = 'https://www.example.com/ips4/';
      $apiKey = 'c7a349a1629f02cd2855a58d77646f6d';
      $endpoint = '/core/hello';

      $curl = curl_init( $communityUrl . 'api' . $endpoint );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
          CURLOPT_HTTPAUTH	=> CURLAUTH_BASIC,
          CURLOPT_USERPWD		=> "{$apiKey}:"
      ) );
      $response = curl_exec( $curl );

如果 PHP 作为 CGI 模块运行(可以通过检查服务器的 phpinfo 输出来确认),则您的服务器可能无法看到授权标头。从 Invision Community 4.5 及更上面,您可以发送具有相同 base64 编码凭据的 X 授权标头,或者您需要通过发送 API 密钥作为请求中的参数来授权请求。例如:key

<?php
      $communityUrl = 'https://www.example.com/ips4/';
      $apiKey = 'c7a349a1629f02cd2855a58d77646f6d';
      $endpoint = '/core/hello';
      
      /* Try this approach first (requires Invision Community 4.5 or higher) */
      $curl = curl_init( $communityUrl . 'api' . $endpoint );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
          CURLOPT_HTTPHEADER		=> array( 'X-Authorization: ' . base64_encode( "{$accessToken}:" ) ),
      ) );
      $response = curl_exec( $curl );
      
      /* OR, if that doesn't work, use this approach */
      $curl = curl_init( $communityUrl . 'api' . $endpoint . '?key=' . $apiKey );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
      ) );
      $response = curl_exec( $curl );

使用 OAuth (高级)

在开始之前,您需要熟悉 OAuth 的基本概念。一个好的资源是Auth2简化。社区管理员可以在管理员、系统、REST 和 OAuth →创建 OAuth →,并创建 OAuth →客户端。

与 API Keys 一样,客户端将需要配置为可以访问哪些终结点,但是使用 OAuth 时,不同的终结点将绑定到作用域。例如,您可以设置一个允许访问终结点以获取有关经过身份验证的用户的基本信息的范围,以及一个允许访问允许发布主题的范围。您设置的范围以及它们可以访问哪些终结点将取决于您打算使用 API。GET /core/mePOST /forums/topics

然后,您将使用所需的任何 OAuth 授予类型获取访问令牌(通常使用涉及重定向用户的授权代码授予),并在授权标头中的请求中发送该令牌。例如:

<?php
      $communityUrl = 'https://www.example.com/ips4/';
      $accessToken = 'c7a349a1629f02cd2855a58d77646f6d';
      $endpoint = '/core/hello';

      $curl = curl_init( $communityUrl . 'api' . $endpoint );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
          CURLOPT_HTTPHEADER	=> array( "Authorization: Bearer {$accessToken}" ),
      ) );
      $response = curl_exec( $curl );

在 Invision 社区 OAuth 客户端标识符中,客户端标识符长 32 个字符,客户端机密长 48 个字符,授权代码长 64 个字符,访问令牌长 97 个字符。

参数

对于所有 GET 请求,在查询字符串中提供参数。对于 PUT 和 POST 请求,应发送所有参数在正文中编码的窗体 URL。

响应

来自 API 的响应始终由JSON 编码。

错误处理

当遇到错误时,您将收到这样的响应:

{
          "errorCode": "3S290\/7",
          "errorMessage": "INVALID_API_KEY"
      }

本文档参考中详细介绍了每个终结点的可能错误代码/消息。除了特定于终结点的错误之外,还可能返回以下全局错误:

代码 消息 描述
1S290/A1S290/C IP_ADDRESS_BANNED 发送请求的 IP 地址已被禁止进入社区。如果 IP 地址已重复发送许多具有无效 API 密钥的请求,则可能会自动发生这种情况。
1S290/D TOO_MANY_REQUESTS_WITH_BAD_KEY 发送请求的 IP 地址已发送多个具有无效 API 密钥的请求,因此在几分钟内无法发送任何请求。
2S290/6 NO_API_KEY 请求中未发送 API 密钥或 OAuth 访问令牌。
2S290/8 IP_ADDRESS_NOT_ALLOWED API 密钥有效,但配置为仅对来自某些 IP 地址的请求有效,并且请求发送的 IP 地址不在允许列表中。
2S290/B CANNOT_USE_KEY_AS_URL_PARAM API 密钥有效,但它未配置为用作 URL 身份验证,必须在授权标头中使用。
3S290/7 INVALID_API_KEY 请求中发送的 API 密钥无效。
2S290/9 INVALID_LANGUAGE 请求中发送了 X-IPS 语言标头(可用于为响应指定语言 ID),但其值无效。
3S290/3 INVALID_APP 请求发送到的终结点不存在(第一个级别包含无效字符,仅接受字母数字)。
3S290/4 INVALID_CONTROLLER 请求发送到的终结点不存在(第二个级别包含无效字符,仅接受字母数字)。
2S290/1 INVALID_APP 请求发送到的终结点不存在(第一个级别不存在)。
1S290/2 APP_DISABLED 控制请求发送到的终结点的应用程序当前已禁用。
2S290/5 INVALID_CONTROLLER 请求发送到的终结点不存在(第二个级别不存在)。
2S291/1 NO_ENDPOINT 请求发送到的终结点不存在(URL 包含的级别太多)。
2S291/3 NO_PERMISSION API 密钥没有访问请求终结点的权限。
3S291/2 BAD_METHOD 请求发送到的终结点不存在 – HTTP 请求方法可能不正确(例如,发送 GET 而不是 POST)。
3S290/9 INVALID_ACCESS_TOKEN 请求中发送的 OAuth 访问令牌无效。
1S290/E EXPIRED_ACCESS_TOKEN 请求中发送的 OAuth 访问令牌有效但已过期。
3S290/B NO_SCOPES OAuth 访问令牌未被授权访问任何作用域。

示例代码

下面是显示对终结点的调用的简单代码段。/core/hello

<?php
      $communityUrl = 'http://www.example.com/ips4/';
      $apiKey = 'c7a349a1629f02cd2855a58d77646f6d';

      $curl = curl_init( $communityUrl . 'api/core/hello' );
      curl_setopt_array( $curl, array(
          CURLOPT_RETURNTRANSFER	=> TRUE,
          CURLOPT_HTTPAUTH	=> CURLAUTH_BASIC,
          CURLOPT_USERPWD		=> "{$apiKey}:"
      ) );
      $response = curl_exec( $curl );

      echo $response;

成功的响应将看起来像:

{
      "communityName": "IPS Community Suite",
      "communityUrl": "http:\/\/localhost:8888\/ips4\/",
      "ipsVersion": "4.1.6"
      }

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注