2.8. Setting up the API

• 2.8.1. REST
• 2.8.2. Web Hooks
• 2.8.3. OAuth v2

By default the API schemas will be empty. You can use this SQL script to manually populate it.

api.sql

So when you populate the API schemas a new section /developer/app/search will be available. This is like Facebook developer portal (but more raw). It also auto creates docs /developer/docs/scopes and /developer/docs/webhooks.

2.8.1. REST

There’s 3 kinds of rest calls:

• Public REST call: /rest/public/profile/search
• App REST call: /rest/public/profile/detail/1?client_id=94341e9d0776b73cc7142cc161faf0e688fdbfb2
• User REST call: /rest/user/app/search?access_token=8cddabc765dbba7cccaa156105af08c04455775c

You can expect this is following OAuth v2 specs (as well as Facebook’s REST style) very closely. The following screenshot shows what the form fields are for in /admin/system/model/rest/create.

Paths in REST calls can also take route parameters like /profile/detail/:profile_id that will also be apart of the event call parameters.

2.8.2. Web Hooks

Then web hooks are like Github’s web hooks.

When you create a web hook it will then be available to the application to utilize.

But beware the web hook url given should be valid, or else every time you create a profile, it will be slow *(because it's trying to call that web hook url)*.

This way allows to create APIs without needing to program. but, you can also program in your own REST calls and webhooks manually in any controller.php. We are not stopping you from doing that.

2.8.3. OAuth v2

In /developer/app/search you can also try the 3-legged OAuth yourself.

This will redirect you to /dialog/request?client_id=94341e9d0776b73cc7142cc161faf0e688fdbfb2. You can use this same URL to authenticate via 3-Legged OAuth. For now, just click Allow.

When your done that it will return you back to the same screen with the same URL except with a code parameter. (ie. /developer/app/search?code=1234567890). If you have POST MAN you can call POST /rest/access?client_id=[your app key]&client_secret=[your app secret]&code=[the code you got earlier]. That will return session tokens in JSON as in the following.

POST /rest/access?client_id= 94341e9d0776b73cc7142cc161faf0e688fdbfb2&client_secret= d490f575cd1c48e1b970bb0427ae4ec2b2636403&code= b75272cbf7edbb7a434f77e904a27beb4fe08be7

{
    "error": false,
    "results": {
        "access_token": "f7b9427a17ad4f083fb109ba382a99ca",
        "access_secret": "9d5b6d575f13f2c14c5fa8cc843c07fd",
        "profile_id": "1",
        "profile_name": "John Doe",
        "profile_created": "2019-01-20 06:43:42"
    }
}

2.8.4. Conclusion

This way allows to create APIs without needing to program. you can also program in your own REST calls and web hooks manually. We are not stopping you from doing that. This is for all the basic REST and web hook calls implicitly.