Forum Discussion

hkremer's avatar
hkremer
Helper
4 years ago

API Authentication

Hi,

I'm new to the Khoros community and looking for some clarification on API authentication.

Specifically, is it required for GET requests? I see it is listed as required in the API documentation but in practice, I am not running into any permissions error when testing on community.khoros.com.
 
Example:
 
GET https://community.khoros.com/api/2.0/search?q=SELECT * FROM categories
 
Thank you for any insight!
API
Community API
  • Claudius's avatar
    Claudius
    4 years ago

    Yes, the unauthenticated call will only return results if the community's permissions are set up to grant API read access to everyone. I've seen communities that restrict API access to signed in users or even only users with a specific role, so in that case API authenticatio is a must to access anything.

  • StanGromer's avatar
    StanGromer
    Boss
    4 years ago

    *Not an engineer so someone can correct me if I am wrong, i've just had to have this convo with every new engineer we ever hire, lol

    You won't know you are missing anything in the response until you compare it to using restadmin - Khoros will still give you back the unauthenticated details, just leaving out everything you would get if authenticated.  For example, if you try to pull back the results of a specific user, you'll see their public information, but not their email or first/last name which would require you to use auth. 

    GET https://community.khoros.com/api/2.0/search?q=SELECT * FROM categories

    If you have any private boards for example, I am guessing they are being excluded from the response you are getting?
    • hkremer's avatar
      hkremer
      Helper
      4 years ago

      Thanks Stan.

       

      I've done a quick comparison between the fields at the user level and category level and there seem to be minimal differences.

       

      I don't actually have admin access to any Khoros communities but was more so wondering if there might be any instances of communities where nothing would return without auth?

      • Claudius's avatar
        Claudius
        Boss
        4 years ago

        Yes, the unauthenticated call will only return results if the community's permissions are set up to grant API read access to everyone. I've seen communities that restrict API access to signed in users or even only users with a specific role, so in that case API authenticatio is a must to access anything.