Pure API Community Front End - RFC
I'd like to start a discussion centered around the documentation of building a pure API version of Community. I know others here have explored this as well to some extent, however the information cov...
Forum Discussion
API authetication (without SSO)
From your AppServer (e.g PHP or Ruby) your code accesses the Rest URL supplying your username and password which returns you the session token for that user account. You must present this session token in subsequent Rest calls for access to functions / data that are available to this user role. The session key will expire after 30 minutes of inactivity.
Rest URL: http://community.lithium.com/community-name/restapi/vc/authentication/sessions/login
API authentication (with SSO)
Your AppServer must first retreive the SSO token from the SSO system using whatever mechanism is required (username/password etc).
The process from here is much the same as without SSO, your AppServer code accesses the Rest URL supplying the SSO token which returns you the session token for that user account.
Considerations / Issues
- A session token is only required to access operations that require you to be logged in (like Kudo'ing something).
- Calls to the REST API without a session token are considered to be anoymous and generally are the same as accessing Community directly while being logged out.
- Its been documented here before that performing activities via the REST API with a user session token may/ does not update the users metrics, such as Post, Kudo and view counts. (?).
