Forum Discussion

hkremer's avatar
hkremer
Helper
4 years ago

API Authentication

Hi,

I'm new to the Khoros community and looking for some clarification on API authentication.

Specifically, is it required for GET requests? I see it is listed as required in the API documentation but in practice, I am not running into any permissions error when testing on community.khoros.com.
 
Example:
 
GET https://community.khoros.com/api/2.0/search?q=SELECT * FROM categories
 
Thank you for any insight!
  • Yes, the unauthenticated call will only return results if the community's permissions are set up to grant API read access to everyone. I've seen communities that restrict API access to signed in users or even only users with a specific role, so in that case API authenticatio is a must to access anything.

3 Replies

  • *Not an engineer so someone can correct me if I am wrong, i've just had to have this convo with every new engineer we ever hire, lol

    You won't know you are missing anything in the response until you compare it to using restadmin - Khoros will still give you back the unauthenticated details, just leaving out everything you would get if authenticated.  For example, if you try to pull back the results of a specific user, you'll see their public information, but not their email or first/last name which would require you to use auth. 

    GET https://community.khoros.com/api/2.0/search?q=SELECT * FROM categories

    If you have any private boards for example, I am guessing they are being excluded from the response you are getting?
  • hkremer's avatar
    hkremer
    Helper
    4 years ago

    Thanks Stan.

     

    I've done a quick comparison between the fields at the user level and category level and there seem to be minimal differences.

     

    I don't actually have admin access to any Khoros communities but was more so wondering if there might be any instances of communities where nothing would return without auth?

  • Claudius's avatar
    Claudius
    Boss
    4 years ago

    Yes, the unauthenticated call will only return results if the community's permissions are set up to grant API read access to everyone. I've seen communities that restrict API access to signed in users or even only users with a specific role, so in that case API authenticatio is a must to access anything.