Recreate Contact ME Buttons

Question

Hi Community !&nbsp;Context:&nbsp;I tried to recreate with the Freemakers and the REST API, the buttons we can find in the users.widget.contact-me component. I need some of these buttons to use them in a custom one.&nbsp;If I take the Add Friends button as an example. The link structure is the following :/t5/user/v2/viewprofilepage.addfriend/user-id/7?t:ac=user-id/7&amp;t:cp=notes/contributions/contactactions&amp;ticket=O-E-OfblJ14j_5&nbsp;I see 4 elements:/t5/user/v2/viewprofilepage.addfriend/user-id/nt:ac=user-id/nt:cp=notes/contributions/contactactionsticket=x&nbsp;Where [n] is the User ID. I find it in the Freemarkers context&nbsp;:${page.context.user.id} or ${user.id}, depending on the page context&nbsp;Where [x] is the ticket string.&nbsp;&nbsp;My question:&nbsp;Where can I call the [x] variable? How to generate it?&nbsp;I didn’t find anything concerning this ticket string in the doc and in the community posts (nothing inside the REST API or Freemarkers docs).&nbsp;I only found a Session ID string in the REST API:/restapi/vc/authentication/sessions/current/id (link here)It seems that it’s not the same string type than the ticket&nbsp;Other "discovery", about this REST call (Post):/restapi/vc/users/id/5/addressbook/contacts/friends/add (link here)But I can’t create a link with this call… I can only create an action (AJAX post ?)I’m not a fan of this solution: the session ID would be reachable by anyone...&nbsp;Maybe I'm doing wrong? Beforehand, thank you for your help and your lights ! :smileyhappy:&nbsp;Best regards,&nbsp;Stéphane

sguillemot · Answer

Hi YuriK ,&nbsp;Thank you for your answer.&nbsp;Indeed, I already thought about these solutions. And for the security reasons, I'm not comfortable with the cookie too... :smileysurprised:&nbsp;I managed to recreate the ticket via JS. I saw that an hidden input always contains this ticket value:&lt;input type="hidden" name="ticket" value="xxxxxxxxx"&gt;&nbsp;So, with jQuery :&nbsp;theTicket = jQuery('input[name=ticket]').attr('value');theLink = jQuery('.addtoFriendBut');theLink.attr('href',theLink.attr('href')+theTicket);&nbsp;With the HTML / Freemarker part :&lt;a class="addtoFriendBut" href="/t5/user/v2/viewprofilepage.addfriend/user-id/${page.context.user.id}?t:ac=user-id/${page.context.user.id}&amp;t:cp=notes/contributions/contactactions&amp;ticket="&gt;ADD ME !!!&lt;/a&gt;&nbsp;Not optimum because of the JS... but maybe it can help... :)&nbsp;&nbsp;Best regards,&nbsp;Stéphane

yurik · Answer

Hey&nbsp;Stéphane,
&nbsp;
The&nbsp;token (ticket) is there to prevent Cross-Site Request Forgery (Wikipedia: Cross-site request forgery). We don't currently have a way to generate or retrieve the ticket. The Session ID represents a Rest API session specifying the authenticated user.
&nbsp;
I think you have a few options to move forward with depending on your use case:
&nbsp;

Use skinning to achieve what you want: You may be able to use our default component but adjust it using CSS and possibly some light javascript
Use the AJAX approach with Rest API as you mentioned below:&nbsp;We have a configuration that allows you to use our cookie-based authentication for API calls (Rest API Authentication). This way you won't have to deal with the Session ID. Note: You would want to make sure to test this thoroughly and get this implementation reviewed by security so that you are not creating any CSRF vulnerabilities.
Create a custom component that references the users.widgets.contact-me component (Take a look at the referencing a component section of&nbsp;Working with components). You can then hide other portions of the contact-me component contained in your component using css.

&nbsp;
Hope this helps,
&nbsp;
Yuri

yurik · Answer

Hey Stéphane,
&nbsp;
Thank you for sharing, glad you found something that worked for you.
&nbsp;
Thank you,
&nbsp;
Yuri

Forum Discussion

Recreate Contact ME Buttons

Related Content

Recreating Badge-List Component

Escalate button

Hermes skin - Where is this button controlled?

Custom Reply button

Subscribe button not working for users

Recent Discussions

Connecting Khoros data to CRM (Salesforce)

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.