Forum Discussion

fengka's avatar
fengka
Contributor
9 years ago

How to grant writable permission to lithium via REST API?

I am currently developing a customized mobile App to read/write our company’s forum which is based on lithium platform by using the REST API. I have a consumer key/secret to lithium platform. I followed the OAuth 2.0 authorization grant flow (http://community.lithium.com/t5/Community-API-v2/OAuth-2-0-authorization-grant-flow/ta-p/138402 ) in wiki to get the authentication Bearer token. I can use this Bearer token to read data via V2 REST API.

 

However, if I try to write data back to the forum by REST API, like give a kudo to a post by calling REST API:

 

POST https://api.lithium.com/community/v1/[tanent name]/messages/id/[messageid]/kudos/give

Authentication: Bearer vuVDPEkI+XLytr7hMGo0RkwucYF8belsX2XjI1qu+zM=

client-id: xxxxxxxxxxxxxx(a valid client id)

 

I always get the error like this:

 

  <error code="303">

    <message>

      User xxxxx does not have the following permission(s) at 78: [ allow_restapi_call_read ]

    </message>

  </error>

 

One solution to solve this is our forum administrator grant my forum account writable permission then the API call to give a kudo will be successful.

 

So the questions are:

 

  1. how can we grant all our forum user the permission to write back to the forum by using RESTful API with our App?
  2. Should the administrator grant all the user the writable permission one by one or in batch?
  3. Or can we request a new consumer key/secret to enable the writable permission to the lithium via REST API?
  4. Or what is the best practice to write back to lithium via REST API?

 

Thanks.

7 Replies

  • fengka's avatar
    fengka
    Contributor
    9 years ago

     Hi TariqHussain,

     

    Thanks for your reply. What id Restadmin() ?  do I need to use any sdk to use this? Can we use the general Rest Client or Curl to call the REST API? Something like this:

     

    curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer vuVDPEkI+XLytr7hMGo0RkwucYF8belsX2XjI1qu+zM=“ -H "client-id: xxxxxxxxxxxxx" https://api.lithium.com/community/v1/[tanent name]/messages/id/[messageid]/kudos/give

     

    Actually, I am using javascript fetch api for the REST : https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch

    How can I make the restadmin() in this scenario?

  • fengka

    are you familiar with endpoints ? you need to create an endpoint and you will get endpoint url. with javascript you can directly hit your request to endpoint url.

    <#assign msgID = http.request.parameters.name.get("messageid","") />
    
      <#if msgID !=''>
    
        <#assign messages = restadmin("messages/id/${msgID}/kudos/give").messages >
         
      </#if >

     

  • fengka's avatar
    fengka
    Contributor
    9 years ago

    TariqHussain I am not familiar with the endpoints you mentioned here. The code you show here looks like is a javascript template by using FreeMarker? (Sorry I am not exactly sure about it).

     

    In my case I am using react native to develop a mobile app and it is using purely javascript to make the REST call. the calling is looking like this. I haven't found how to use restadmin() to call the api here.

     


    fetch(httpUrl)
    .then(function(response) {
    return response.json();
    })
    .then(function(myBlob) {

    });

  • SuzieH's avatar
    SuzieH
    Khoros Alumni (Retired)
    9 years ago

    Hi fengka

    For your calls to be successful, you'll need two permission settings (Make REST API calls with read access and Make REST API calls with modify access) to be set to Grant. This is done in Community Admin > Users. I think this will solve your issues. We describe this in our API doc in the Authentication section. Hope this helps.

  • fengka's avatar
    fengka
    Contributor
    9 years ago

    Hi SuzieH

     

    Thanks for your reply. This is one workable solution. After our lithium forum administrator enbled the allow_restapi_call_modify to (only) my account, I can modify the data like giving a kudo via REST API call. 

     

    This looks like need to grant the permission per user via the setting. However I have further questions:

     

    1. Can we enable the allow_restapi_call_modify to ALL the user by default with one time? We would like to let all the forum registered user modify the data via rest call. If we have to enable it one by one per user, that will be a huge work.

     

    2. If the answer to question 1 is yes, the next question is should we do it like that? Do we have potential security concern if all the user can modify forum data via REST API call?

     

    3. When doing the authentication, we are required to provide "client_id" and "client_secret", can we grant writable permission per "client_id"?

     

    Thanks.

     

  • YuriK's avatar
    YuriK
    Khoros Expert
    9 years ago

    Hey fengka,

    You can create a role which all registered users get and grant permissions to that role in Admin->Users->Permissions->Roles. Alternatively you can enable this permission by default across the community in Admin->Users->Permissions->Defaults, however this would give the write permission to anonymous users as well, so I would recommend going with the first approach.

     

    To your other questions:

     

    2) Other permissions would still apply, so users would not be able to modify data that they wouldn't have otherwise have access to. 

    3) There is no way currently to tie the permissions to clientid

     

    Hope this helps.