Where's the token from login endpoint? #api


groups@...
 
Edited

In the log which follows, I have redacted sensitive information.
 
When I run curl (for a crude test) from an Ubuntu Linux 20.04 system using the /login endpoint, providing valid email and password, I get back the following JSON (re-formatted by jsonlint.com website). There is no error indicated that I can see. So...where's the "token": "", section that's supposed to be near the end of the JSON response?
 
Without the token, I can't really perform any other API operations, no? I have reread https://groups.io/api#login and cannot seem to locate the error.
 
dave@Moonquake:~$ curl "https://groups.io/api/v1/login" -c /tmp/cookies.curl -d "email=&password="
 
{
"user": {
"id": "",
"object": "user",
"created": "2021-09-06T15:18:09.179936685-07:00",
"updated": "2021-09-06T15:21:10.557412629-07:00",
"email": "",
"full_name": "",
"user_name": "",
"timezone": "America/New_York",
"status": "user_status_confirmed",
"profile_photo_url": "",
"post_pref": "user_postpref_html",
"per_page_pref": "user_per_page_pref20",
"allow_facebook_login": false,
"allow_google_login": false,
"allow_sso_login": false,
"csrf_token": "",
"two_factor_enabled": false,
"recovery_codes": "",
"dont_munge_message_id": false,
"about_me": "",
"about_format": "about_html",
"location": "",
"website": "",
"time_pref": "standard_time",
"date_pref": "us_date",
"monday_start": false,
"profile_privacy": "profile_private",
"default_message_view": "thread_view",
"topics_sort_dir": "sort_none",
"topic_sort_dir": "sort_asc",
"messages_sort_dir": "sort_none",
"expanded_messages_sort_dir": "sort_none",
"search_sort": "date_sort",
"search_sort_dir": "sort_none",
"photos_order_by": "",
"photos_sort_dir": "sort_none",
"album_order_by": "",
"album_sort_dir": "sort_none",
"default_calendar_view": "cal_view_month",
"default_hashtag_view": "view_grid",
"default_rsvp_view": "view_grid",
"home_page": "home_page_feed"
}
}

dave@Moonquake:~$ cat /tmp/cookies.curl
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
 
#HttpOnly_.groups.io    TRUE    /       TRUE    1633560642      groupsio        <REDACTED_DATA>
 


Derek Milliner
 

By default the login uses cookie-based so the 'token' as such is in the cookie. If you add 'token=true' to the request (so "email=&password=&token=true") you'll get the token stanza in the return:

    },

    "token""ey...EZhY"
}

If you don't already, I'd recommend using the (free) Postman REST client for experimenting with the API;
https://www.postman.com/product/rest-client/


Derek Milliner
 

Meant to add to that that the example in the API docs (https://groups.io/api#login) is a bit misleading on that - it shows a cookie-based request with a token-based response :-)


groups@...
 

On Tue, Sep 7, 2021 at 04:37 AM, Derek Milliner wrote:
Meant to add to that that the example in the API docs (https://groups.io/api#login) is a bit misleading on that - it shows a cookie-based request with a token-based response :-)

Derek,

Thank you so much. That explains my confusion -- if the documentation is mixed up, that provides a shaky foundation to build on.

So I followed your example adding the "token=yes" POST parameters and was able to get a token back. The next thing I would like to do is to get a group's topics using token-based auth. The example in the documentation is:

curl "https://groups.io/api/v1/gettopics?groupid=2" \
-b "cookies.curl"


The documentation example above looks like a cookies-based auth request. How do I convert that into a token-based request?

For example, this below results in an "unauthorized" error:

dave@Moonquake:~ $ curl "https://groups.io/api/v1/gettopics?group_name=<group_name>" -d token="<redacted>"
{"object":"error","type":"unauthorized_error","extra":""}

 

*pulls out hair*

Likewise I tried this:

dave@Moonquake:~ $ curl "https://groups.io/api/v1/gettopics?group_name=<group_name>" -a 123456: -d token="<redacted>"
{"object":"error","type":"unauthorized_error","extra":""}


What is weird is I can get the cookie-based auth working in Postman (but not token-based auth) -- not sure where the differences is between Postman and curl, honestly.

I appreciate all your assistance with me figuring out how to use the API.

-Dave


 

On Tue, Sep 7, 2021 at 8:10 AM <groups@...> wrote:

For example, this below results in an "unauthorized" error:

dave@Moonquake:~ $ curl "https://groups.io/api/v1/gettopics?group_name=<group_name>" -d token="<redacted>"
{"object":"error","type":"unauthorized_error","extra":""}

 

To use a token with curl, include the token using the '-u' parameter to curl, so something like:

Also note the colon at the end.

Cheers,
Mark


groups@...
 

Ok, got it. The token is not a variable to pass, but rather the username. Thanks.

It would be helpful to future folks to probably provide this information in the API documentation. :-)

Thanks again.