123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431 |
- ## Authentication
- ### HTTP Basic authentication
- The API uses [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication).
- Note that this means that users with only an OpenID login cannot use the API; they have to add a
- password to their account using the control panel on the site.
- ### OAuth authentication
- OAuth 1.0a authentication for API resources is also supported. Generally, StatusNet's
- UI and API are similar to Twitter's for OAuth applications (if you're new to OAuth
- check out [Beginner’s Guide to OAuth](http://hueniverse.com/oauth/)).
- To use OAuth, you'll need to register your client application via the web interface
- and obtain a consumer key and secret. You can find the interface for application
- registration at [http://%%site.server%%/%%site.path%%settings/oauthapps](http://%%site.server%%/%%site.path%%settings/oauthapps).
- ## JSONP callbacks
- For API methods that return [JSON](https://en.wikipedia.org/wiki/JSON), an optional
- JSONP-style callback parameter is supported. If supplied, the response will be in
- JSONP format with a callback of the given name. To make it easier for clients to
- handle error conditions, HTTP error codes are suppressed, and the errors will be
- returned in the response body when using JSONP.
- ## Rate limiting
- There is currently no rate-limiting.
- ## Gotchas
- Some things to remember:
- * %%site.name%% supports the
- [OStatus federation protocol](https://en.wikipedia.org/wiki/OStatus) (as well as
- [OpenMicroBlogging](https://en.wikipedia.org/wiki/OpenMicroBlogging) for backwards
- compatibility), so many notices and friends' profiles may come from other servers.
- * User nicknames are unique, but they are not globally unique. Use the ID number
- instead.
- * Private streams are not implemented yet.
- * GNU social sites can be configured as private. In that case, all API methods
- require authentication, including the public timeline (see the 'config' method
- below).
- * If "Fancy URLs" are not enabled, urls from above need to include "index.php" at
- the root. ( e.g. http://example.org/statusnet/api becomes http://www.example.org/statusnet/index.php/api )
- * The `since_id` parameter does not work as documented by Twitter. Twitter says of
- `since_id`: "There are limits to the number of Tweets which can be accessed
- through the API. If the limit of Tweets has occured since the `since_id`, the
- `since_id` will be forced to the oldest ID available." However, GNU social will
- return the newest notices (or the newest back from max_id, if present)! Also, a
- `since_id` <= 0 will be ignored.
- ## Timeline resources
- ### statuses/public_timeline
- Returns the 20 most recent notices, including repeats if they exist, from
- non-protected users.
- ### statuses/home_timeline
- Returns the 20 most recent notices, including repeats if they exist, posted by the
- authenticating user and the users they follow. This is the same timeline seen by a
- user when they login to their instance. This method is identical to
- statuses/friends_timeline, except that this method always includes repeats.
- ### statuses/friends_timeline
- Alias of statuses/home_timeline
- ### statuses/friends_timeline/:username
- Alias of statuses/home_timeline for the specified username
- ### statuses/mentions
- Returns the 20 most recent mentions (notices containing @username) for the
- authenticating user.
- This method will not include repeats in the XML and JSON responses unless the
- include_rts parameter is set. The RSS and Atom responses will always include repeats
- as notices prefixed with RT.
- ### statuses/replies
- Alias of statuses/mentions
- ### statuses/replies/:username
- Alias of statuses/mentions for the specified username
- ### statuses/user_timeline
- Returns the 20 most recent notices posted by the authenticating user. It is also
- possible to request another user's timeline by using the screen\_name or user_id
- parameter. The other users timeline will only be visible if they are not protected,
- or if the authenticating user's follow request was accepted by the protected user.
- This method will not include repeats in the XML and JSON responses unless the
- include_rts parameter is set. The RSS and Atom responses will always include
- repeats as notices prefixed with RT, regardless of provided parameters.
- ### statuses/retweeted\_to_me
- Not implemented.
- ### statuses/retweeted\_by_me
- Not implemented.
- ### statuses/retweets\_of_me
- Not implemented.
- ## Status resources
- ### statuses/show/:id
- Returns a single notice, specified by the id parameter. The notice's author will be
- returned inline.
- ### statuses/update
- Post a new notice as the authenticating user.
- Additional 'media' parameter allows binary multimedia uploads (images, etc.). Format
- post data as multipart/form-data when using the 'media' parameter.
- ### statuses/destroy/:id
- Destroys the notice specified by the required ID parameter. The authenticating user
- must be the author of the specified notice. Returns the destroyed notice if successful.
- ### statuses/retweet/:id
- Repeats a notice. Returns the original notice with repeat details embedded.
- ## User resources
- ### statuses/friends
- Returns the user's subscriptions (friends) as an array of profiles.
- ### statuses/followers
- Returns the user's subscribers (followers) as an array of profiles.
- ### users/show
- Returns extended information of a given user, specified by ID or screen name as per
- the required id parameter.
- ## Direct message resources
- ### direct_messages
- Returns the 20 most recent direct messages sent to the authenticating user. The XML
- and JSON versions include detailed information about the sender and recipient user.
- ### direct_messages/sent
- Returns the 20 most recent direct messages sent by the authenticating user. The XML
- and JSON versions include detailed information about the sender and recipient user.
- ### direct_messages/new
- Sends a new direct message to the specified user from the authenticating user.
- Requires both the user and text parameters and must be a POST. Returns the sent
- message in the requested format if successful.
- ### direct_messages/destroy
- Not implemented.
- ## Friendships resources
- ### friendships/create
- Allows the authenticating users to follow the user specified in the ID parameter.
- Returns the befriended user in the requested format when successful. Returns a
- string describing the failure condition when unsuccessful.
- If you are already friends with the user a HTTP 403 may be returned, though for
- performance reasons you may get a 200 OK message even if the friendship already
- exists.
- Note that users cannot subscribe to remote profiles using this API.
- ### friendships/destroy
- Allows the authenticating users to unfollow the user specified in the ID parameter.
- Returns the unfollowed user in the requested format when successful. Returns a
- string describing the failure condition when unsuccessful.
- Users can unsubscribe to a remote profile using this API, but it's preferred to use
- numeric IDs to nicknames.
- ### friendships/exists
- Test for the existence of friendship between two users. Will return true if user\_a
- follows user_b, otherwise will return false. Authentication is required if either
- user A or user B are protected. Additionally the authenticating user must be a
- follower of the protected user.
- ### friendships/show
- Returns detailed information about the relationship between two users.
- ## Friends and subscribers resources
- ### friends/ids
- Returns an array of numeric IDs for every user the specified user is subscribed to.
- This method is powerful when used in conjunction with users/lookup.
- ### followers/ids
- Returns an array of numeric IDs for every user subscsribed to the specified user.
- This method is powerful when used in conjunction with users/lookup.
- ## Account resources
- ### account/verify_credentials
- Returns an HTTP 200 OK response code and a representation of the requesting user if
- authentication was successful; returns a 401 status code and an error message if
- not. Use this method to test if supplied user credentials are valid.
- ### account/end_session
- Not implemented.
- ### account/update\_delivery_device
- Not implemented.
- ### account/rate\_limit_status
- Returns the remaining number of API requests available to the requesting user before
- the API limit is reached.
- We have no rate limit, so this always returns 150 hits left.
- ### account/update\_profile\_background_image
- Updates the authenticating user's profile background image. This method can also be
- used to enable or disable the profile background image.
- ### account/update\_profile_image
- Updates the authenticating user's profile image. Note that this method expects raw
- multipart data, not a URL to an image.
- ## Favorite resources
- ### favorites
- Returns the 20 most recent favorite statuses for the authenticating or specified
- user in the requested format.
- ### favorites/create/:id
- Favorites the status specified in the ID parameter as the authenticating user.
- Returns the favorite status when successful.
- ### favorites/destroy/:id
- Un-favorites the status specified in the ID parameter as the authenticating user.
- Returns the un-favorited status in the requested format when successful.
- ## Notification resources
- ### notifications/follow
- Not implemented.
- ### notifications/leave
- Not implemented.
- ## Block resources
- ### blocks/create
- Blocks the specified user from following the authenticating user. In addition the
- blocked user will not show in the authenticating users mentions or timeline (unless
- retweeted by another user). If a follow or friend relationship exists it is
- destroyed.
- ### blocks/destroy
- Un-blocks the user specified in the ID parameter for the authenticating user.
- Returns the un-blocked user in the requested format when successful. If
- relationships existed before the block was instated, they will not be restored.
- ### blocks/exists
- Not implemented.
- ### blocks/blocking
- Not implemented.
- ## Help resources
- ### help/test
- Returns the string "ok" in the requested format with a 200 OK HTTP status code. This
- method is great for sending a HEAD request to determine our servers current time.
- ## OAuth resources
- It is strongly recommended you use HTTPS for all OAuth authorization steps.
- ### oauth/request_token
- Allows a Consumer application to obtain an OAuth Request Token to request user
- authorization. This method fulfills Section 6.1 of the OAuth 1.0 authentication
- flow. It is strongly recommended you use HTTPS for all OAuth authorization steps.
- ### oauth/authorize
- Allows a Consumer application to use an OAuth Request Token to request user
- authorization. This method fulfills Section 6.2 of the OAuth 1.0 authentication
- flow. Desktop applications must use this method (and cannot use GET oauth/authenticate).
- ### oauth/access_token
- Allows a Consumer application to exchange the OAuth Request Token for an OAuth
- Access Token. This method fulfills Section 6.3 of the OAuth 1.0 authentication flow.
- The OAuth access token may also be used for xAuth operations.
- ## Search
- The search method supports the following optional URL parameters:
- * **callback**: if supplied when using the JSON format, the response will use the
- JSONP format with a callback of the given name.
- * **rpp**: the number of notices to return per page, up to a max of 100.
- * **page**: the page number (starting at 1) to return.
- * **since_id:**: returns notices with ids greater than the given id.
- Note:
- * The search does not support operators, such as "from:", "to:" and booleans.
- * Notice content is HTML-encoded.
- ### search
- Returns relevant notices that match a specified query.
- ### Atom
- To request search results in Atom, append your URL-encoded query as a parameter to
- the search method and specify the Atom format:
- `%%site.server%%/%%site.path%%api/search.atom?q=<query>`
- ### JSON
- To request search results in JSON, append your URL-encoded query as a parameter to
- the search method and specify the JSON format:
- `%%site.server%%/%%site.path%%api/search.json?q=<query>`
- ## Additional resources
- These are extensions to the Twitter API that expose additional functionality.
- ### Group resources
- #### statusnet/groups/timeline
- Shows a group's timeline. Similar to other timeline resources.
- #### statusnet/groups/show
- Show a groups profile.
- #### statusnet/groups/create
- Create a new group.
- #### statusnet/groups/join
- Join a group.
- #### statusnet/groups/leave
- Leave a group.
- #### statusnet/groups/list
- Show the groups a given user is a member of.
- #### statusnet/groups/list_all
- List all local groups.
- #### statusnet/groups/membership
- List the members of a given group.
- #### statusnet/groups/is_member
- Determine whether a given user is a member of a given group.
- ### Tag resources
- #### statusnet/tags/timeline
- Shows a tag's timeline. Similar to other timeline resources.
- ### Media resources
- #### statusnet/media/upload
- Endpoint for uploading an image. Returns a URL that can be used in a status update.
- Format post data as multipart/form-data.
- ### Configuration
- #### statusnet/config
- Show an instance's configuration information.
- Of special note is the `<private>` element (config/site/private), which indicates
- whether a site is private. When a site is configured as private every other API
- method requires authentication, including the public timeline (`/api/statuses/public_timeline.format`).
|