Forum Discussion

irach15's avatar
irach15
Maven
5 years ago

cUrl call to get data

hey,

sorry for simple questions to all API gurus 😉

I just started using cUrl for getting API data, somehow after working years as Admin and Dev never has been needed...

Being said, I want to understand how I as Admin can make a simple cUrl call to get for example all data for one user with a specific user ID.

I see all the sample under Dev docs,

but still having a situation or THE situation to code a cUrl call.

Questions:

- do I need a session-key to Get call?

- how to get a session-key?

- can I use instead of session-key another authentication method  or none because I'm an Admin and signed in at the moment of the call?

for example to get all badges from a user:

curl -X GET \
    'https://[COMMUNITY-DOMAIN]/api/2.0/users/13/badges/' \
    -H 'Authorization: Bearer [TOKEN]' \
    -H 'client-id: [CLIENT-ID]'

I got: client-id, but is Bearer [TOKEN]?

another example, for this one, how to code a curl call?

select id, name, node.id, role_status from roles where users.id = '17'

Trying to see the logic and understand how to make a call.

  • peterlu's avatar
    peterlu
    Champion
    5 years ago

    Another approach is to use an Khoros Endpoint.

    You can use POSTMAN to issue a http request with a "API-TOKEN" header to poke this endpoint.

    In the endpoint, you can check this API-TOKEN. Then if API-TOKEN check is correct, then you can write a restadmin call to get whatever data you need. Also you can use http.client object to do a CURL out to 3rd party system.

    This method does not require a user to be created.

    • irach15's avatar
      irach15
      Maven
      5 years ago

      peterlu 

      and I need to code an endpoint for the call?

      why is it so complicated? it should be just easy call to check and get the data...

      any sample for endpoint call appreciated

      thanks

      • peterlu's avatar
        peterlu
        Champion
        5 years ago

        irach15 Here is some coding example. Being a developer is not fun 🙂 I can share your pain.

         

         

        <#compress>
<#assign header_names = http.request.headerNames />
<#assign token_from_request = "" />
<#if header_names?seq_contains("API-TOKEN")>
  <#assign token_from_request = http.request.getHeader("API-TOKEN") />
</#if>

<#assign token_from_setting = community.settings.name.get("your.community.settings.list.variable", "") />

<#if token_from_request == token_from_setting>
  <#assign query = "........." />
  <#assign items = restadmin("2.0", "/search?q=${query?url}").data.items![] />
  {
    "data": [
      <#list items as item>
        {
        	// some json print out coding
        }
      </#list>
    ]
  }
<#else>
  {"error": "invalid request"}
</#if>
</#compress>

         

         

         

        <#compress>
<#assign header_names = http.request.headerNames />
<#assign token_from_request = "" />
<#if header_names?seq_contains("API-TOKEN")>
  <#assign token_from_request = http.request.getHeader("API-TOKEN") />
</#if>

<#assign token_from_setting = community.settings.name.get("your.community.settings.list.variable", "") />

<#if token_from_request == token_from_setting>
  <#-- curl out to 3rd party -->
  <#assign response = http.client.request("some url").header("Content-Type","application/x-www-form-urlencoded").parameter("p1", "v1").parameter("p2", "v2").post()/>
  <#--some error condition checks-->
  <#--success or error JSON print out-->
<#else>
  {"error": "invalid request"}
</#if>
</#compress>

         

         

  • SuzieH's avatar
    SuzieH
    Khoros Alumni (Retired)
    5 years ago

    Hi irach15 

    - do I need a session-key to Get call?

    You don't need to use a session key for authentication, but you do need to use some form of API authentication. When I'm making test calls, I find it easiest to use session key auth. To use OAuth, you'll need extended backend systems

    - how to get a session-key?

    We walk through how to retrieve a session key in Session Key authentication.

    Here is an example from the guide:

     

    curl --location --request \
    POST' https://[COMMUNITY DOMAIN]/restapi/vc/authentication/sessions/login' \
    --form 'user.login=[USER NAME]' \
    --form 'user.password=[PASSWORD]'

     

     

    We've got some example GET cURL calls that include LiQL queries in The Community API v2 request. You'll need to URL encode the query, as shown here.

     

    curl -L -X GET \
'httpS://[COMMUNITY DOMAIN]/api/2.0/search?q=SELECT%20count(*)%20FROM%20messages%20WHERE%20author.login%20%3D%20%27docadmin%27' \
-H 'li-api-session-key: [SESSION KEY]'

     

     

    -  how to code a curl call?

     

    select id, name, node.id, role_status from roles where users.id = '17'

     




    Here is what I used locally to test out your query:

    Get a session key

     

    curl -X POST https://my.qa.lithium.com/restapi/vc/authentication/sessions/login -H 'content-type: application/x-www-form-urlencoded' -d 'user.login=admin&user.password=mypassword'

     

    This returned a session key.

    Then I used an online URL encoder for the LiQL statement

     

    select%20id%2C%20name%2C%20node.id%2C%20role_status%20from%20roles%20where%20users.id%20%3D%20%2717%27

     


    Then I built my GET request in cURL like this

     

    curl -L -X GET \
'https://my.qa.lithium.com/api/2.0/search?q=select%20id%2C%20name%2C%20node.id%2C%20role_status%20from%20roles%20where%20users.id%20%3D%20%2717%27' \
-H 'li-api-session-key: x5WMj36WEL9cvM7K1oUNLCnXXbRJQXwMbCI3PDhYO98.'

     

     

    I got a successful response

     

    {
  "status":"success",
  "message":"",
  "http_code":200,
  "data":{
    "type":"roles",
    "list_item_type":"role",
    "size":10,
    "items":[
      {
        "type":"role",
        "id":"t:Administrator",
        "name":"Administrator",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"community:Hawley2Community"
        }
      },
      {
        "type":"role",
        "id":"t:BlogAuthor",
        "name":"BlogAuthor",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"community:Hawley2Community"
        }
      },
      {
        "type":"role",
        "id":"t:CIC",
        "name":"CIC",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"community:Hawley2Community"
        }
      },
      {
        "type":"role",
        "id":"t:CategoryExpert",
        "name":"CategoryExpert",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"community:Hawley2Community"
        }
      },
      {
        "type":"role",
        "id":"t:Lithium",
        "name":"Lithium",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"community:Hawley2Community"
        }
      },
      {
        "type":"role",
        "id":"b:BlogPremodSpam:BlogAuthor",
        "name":"BlogAuthor",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"board:BlogPremodSpam"
        }
      },
      {
        "type":"role",
        "id":"b:BlogPremodSpam:BlogModerator",
        "name":"BlogModerator",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"board:BlogPremodSpam"
        }
      },
      {
        "type":"role",
        "id":"c:suzieSandbox:CategoryExpert",
        "name":"CategoryExpert",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"category:suzieSandbox"
        }
      },
      {
        "type":"role",
        "id":"b:suziesBlog:BlogAuthor",
        "name":"BlogAuthor",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"board:suziesBlog"
        }
      },
      {
        "type":"role",
        "id":"b:suziesBlog:BlogModerator",
        "name":"BlogModerator",
        "role_status":"active",
        "node":{
          "type":"node",
          "id":"board:suziesBlog"
        }
      }
    ]
  },
  "metadata":{
    
  }
}

     

     

    I hope this helps.

    • irach15's avatar
      irach15
      Maven
      5 years ago

      Thank you very much!

      SuzieH 

      one more question, how to or is it anyway to save cUrl response in a file format?

      and upload or save it in a specific folder?

      it would be nice to have step by step guidelines.

      • SuzieH's avatar
        SuzieH
        Khoros Alumni (Retired)
        5 years ago

        Ooo. That is getting out of my depth ğŸ˜€

        But, I did find some possible examples in this Stack Overflow thread. Perhaps some of our real cURL gurus can jump in.

    • irach15's avatar
      irach15
      Maven
      5 years ago

      SuzieH 

      okay, I've tried

      we have SSO signin and psw

      cUrl response on trying to get a session-key

       

      <response status="error">
  <error code="302">
    <message>
      User authentication failed.
    </message>
  </error>
</response>
curl: (6) Could not resolve host: application
'user.password' is not recognized as an internal or external command,
operable program or batch file.

       

      in the user.name field is my user name, in the psw field - my signing psw?

      I see that I need 

      sso.authentication_tokenSingle-sign-on token that identifies the user

      how to find it?

      and how to code it in the cUrl request?

      • SuzieH's avatar
        SuzieH
        Khoros Alumni (Retired)
        5 years ago

        Good to know. I found this example in our LIthiumSSO Token authentication guide.  Do you have an sso authentication token for your user that you could pass like this?

        curl -X \
    POST https://[COMMUNITY DOMAIN]/restapi/vc/authentication/sessions/login \
    -H 'content-type: application/x-www-form-urlencoded' \
    -d 'sso.authentication_token': '~aj340iw03riaw3ria9pw3ir09aw3ir90awillzxdvmklzsd'

         

  • CarolineS's avatar
    CarolineS
    Boss
    5 years ago

    (I started writing this reply before Stan's response, but forgot to submit. Hopefully still useful).

    I also struggled with this a lot when playing around w/ API.

    I ended up:

    (1) creating a NON-SSO user via the admin console (Users > Permissions > Create User) & granting them API permissions

    (2) Using Postman to handle the session keys. Unfortunately I don't remember the details of how I did this, but once it was set up it was nice and easy to make calls. Check out  https://www.postman.com/ 

    Cheers!

    • irach15's avatar
      irach15
      Maven
      5 years ago

      CarolineS 

      tried

      - non-SSO user created

      - signed on to Postman

      - run Post request with user name & psw

      - no luck

      <response status="error">
    <error code="302">
        <message>
      User authentication failed.
    </message>
    </error>
</response>

       

      • CarolineS's avatar
        CarolineS
        Boss
        5 years ago

        Hi irach15 -

        I am far far FAR from an expert on this, but here is what I did. 

        (1) Call /authentication/sessions/login to get a session key: 

        (2) Once you get that session key, save it in the Headers for your next request:

        Hope that helps!

  • irach15's avatar
    irach15
    Maven
    5 years ago

    TedV & SuzieH 

    updates:

    I've tried as recommended. 

    - created non-SSO account

    - granted Admin role

    tried to get a session key from Suzie's example, no luck

    <response status="error">
  <error code="302">
    <message>
      User authentication failed.
    </message>
  </error>
</response>
curl: (6) Could not resolve host: application
'user.password' is not recognized as an internal or external command,
operable program or batch file.

    Note: I'm on Windows 10. cUrl installed by default and it's running.

    Any advice on this?

    I've read lots of docs on cUrl...