Midrub’s API follows the OAuth 2.0 rules but isn’t based on external libraries. To use the Midrub API, you have to create a new application in Admin -> Settings -> Apps (API section).

Each API application should have a name; the other fields (Application Redirect Url, Cancel Redirect Url and Application’s permissions) are optional. You have to add the redirect URL and cancel URL only if you’re using the Midrub API to create an application where the user must approve your application’s permissions. If the application is based on username/password login, the redirect URL isn’t required.

The Application’s permissions field lets you select which permissions users will be able to use by default.

In the screenshot above you can see two permissions:

  1. user_posts – used to read the user’s social posts from Midrub. This permission can also be used to create posts.
  2. user_social_accounts – used to get the user’s social accounts.

You can easily add new permissions in Midrub and write the methods for endpoints. In the video below you can see how to create new permissions:

When a user approves the API application’s permissions or signs in with a username (email, username or team member’s username) and password, Midrub creates an access token more than 125 characters long.

Security Rules:

  • If a user makes 5 failed login attempts, the user will be blocked for an hour.
  • If someone tries to guess the access token 5 times, they will be blocked for an hour.
  • The access token is randomly generated, but it begins with the username followed by _
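
The two lockout rules above can be pictured as a failure counter keyed by username (for logins) or by client (for token guesses). The PHP below is an added example, not Midrub’s own code; the class name, the in-memory store and the assumption that the five failures are counted within a one-hour window are hypothetical.

```php
<?php
// Added illustration of the lockout rules above; not Midrub's code.
// Assumptions: class name, in-memory storage, and that the five
// failures are counted inside a one-hour window.
final class AttemptLimiter
{
    private const MAX_FAILURES = 5;
    private const BLOCK_SECONDS = 3600;

    /** @var array<string, array{count:int, first:int, until:int}> */
    private array $state = [];

    public function isBlocked(string $key, int $now): bool
    {
        return ($this->state[$key]['until'] ?? 0) > $now;
    }

    public function recordFailure(string $key, int $now): void
    {
        $fresh = ['count' => 0, 'first' => $now, 'until' => 0];
        $s = $this->state[$key] ?? $fresh;
        if ($now - $s['first'] >= self::BLOCK_SECONDS) {
            $s = $fresh; // old failures have aged out of the window
        }
        if (++$s['count'] >= self::MAX_FAILURES) {
            // Fifth failure: block for an hour and start counting afresh.
            $s = ['count' => 0, 'first' => $now, 'until' => $now + self::BLOCK_SECONDS];
        }
        $this->state[$key] = $s;
    }

    // Call only after isBlocked() returned false, so a correct password
    // submitted during a block does not lift it.
    public function recordSuccess(string $key): void
    {
        unset($this->state[$key]);
    }
}

// Constructed walk-through: five bad logins for one username.
$limiter = new AttemptLimiter();
$t = 1700000000;
for ($i = 0; $i < 5; $i++) {
    $limiter->recordFailure('login:alice', $t + $i);
}
var_dump($limiter->isBlocked('login:alice', $t + 60));       // inside the hour
var_dump($limiter->isBlocked('login:alice', $t + 4 + 3600)); // hour elapsed
```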

In Admin panel -> Settings you will see the Permissions section, which was created for future permission approval. You can decide whether your clients will be able to see/use them or must request them, as on Facebook.

To generate an access token with permission approval, use this code to get an authorization code (PHP, but you can adapt it for any language):

// Set params
$params = array(
    'application_id' => 'your application id',
    'application_secret' => 'your app secret',
    'redirect_uri' => 'your application redirect',
    'response_type' => 'code',
    'scope' => array('user_posts')
);

// Generate redirect url (http_build_query already URL-encodes the values,
// so the query string must not be passed through urldecode)
$loginUrl = 'http://www.yourwebsite.com/oauth2/authorize?' . http_build_query($params);

// Redirect
header('Location: ' . $loginUrl);
exit;

After the redirect, you have to exchange the authorization code for an access token. You can use this code:

$params = array(
    'application_id' => 'your application id',
    'application_secret' => 'your application secret',
    'redirect_uri' => 'your redirect',
    'code' => 'code got from authorization',
    'grant_type' => 'authorization_code'
);

// Get access token
$curl = curl_init('http://www.yourwebsite.com/oauth2/authorize');
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$response = json_decode(curl_exec($curl), true);
curl_close($curl);

if (isset($response['access_token'])) {
    // Access token was generated
} else {
    // Access token wasn't generated
}

To generate an access token based on username/password you can use this code:

$params = array(
    'application_id' => 'your application id',
    'application_secret' => 'your application secret',
    'redirect_uri' => 'your redirect',
    'username' => 'username/email/team member',
    'password' => 'password',
    'grant_type' => 'password'
);

// Get access token
$curl = curl_init('http://www.yourwebsite.com/oauth2/token');
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$response = json_decode(curl_exec($curl), true);
curl_close($curl);

if (isset($response['access_token'])) {
    // Access token was generated
} else {
    // Access token wasn't generated
}

At this moment I’ve added by default 4 API endpoints to get posts, get accounts, create posts and delete accounts:

To get posts:

$params = array(
    'access_token' => 'access_token',
    'limit' => 5, // Limit of posts
    'page' => 2 // Page number
);

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    // http_build_query already URL-encodes the values
    CURLOPT_URL => 'http://www.yourwebsite.com/rest-app/posts/get_user_posts?' . http_build_query($params),
    CURLOPT_HEADER => false
));
$userPosts = curl_exec($curl);
curl_close($curl);

To delete posts:

$params = array(
    'access_token' => 'access_token',
    'post_id' => 'enter the post id'
);

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    // http_build_query already URL-encodes the values
    CURLOPT_URL => 'http://www.yourwebsite.com/rest-app/posts/delete_post?' . http_build_query($params),
    CURLOPT_HEADER => false
));
$response = curl_exec($curl);
curl_close($curl);
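
Because get_user_posts and delete_post carry the access token in the query string, the token typically lands in web-server access logs, and its leading username_ prefix ties it to an account. The following added example (not part of Midrub; the function name and the log lines are constructed) redacts the credential parameters used on this page, and logged Bearer headers, before a line is stored or shared.

```php
<?php
// Added illustration, not Midrub code. The parameter names are the ones
// used in the requests on this page; the log lines are constructed.
const SENSITIVE_PARAMS = ['access_token', 'application_secret', 'code', 'password'];

function redactLogLine(string $line): string
{
    $names = implode('|', array_map('preg_quote', SENSITIVE_PARAMS));
    // name=value pairs in a query string or form body. The whole value is
    // replaced: even a short prefix would reveal the username, because
    // the token starts with "<username>_". The lookbehind keeps unrelated
    // names such as "postcode" from matching "code".
    $line = preg_replace(
        '/(?<![A-Za-z0-9_])(' . $names . ')=[^&\s"\']*/',
        '$1=[REDACTED]',
        $line
    ) ?? $line;
    // Bearer credentials from a logged Authorization header.
    return preg_replace('/(Authorization:\s*Bearer\s+)\S+/i', '$1[REDACTED]', $line) ?? $line;
}

// Constructed sample lines (token and secret values are placeholders).
$samples = [
    '"GET /rest-app/posts/get_user_posts?access_token=alice_EXAMPLE&limit=5&page=2 HTTP/1.1" 200',
    '"GET /rest-app/posts/delete_post?access_token=alice_EXAMPLE&post_id=17 HTTP/1.1" 200',
    '"GET /oauth2/authorize?application_id=1&application_secret=EXAMPLE&response_type=code HTTP/1.1" 302',
    'debug: request header Authorization: Bearer alice_EXAMPLE',
    '"GET /lookup?postcode=12345 HTTP/1.1" 200',
];

foreach ($samples as $line) {
    echo redactLogLine($line), PHP_EOL;
}
```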

 

Get user social accounts by page:

$data = array(
    'page' => 1,
);

$ch = curl_init('http://www.yourwebsite.com/rest-app/posts/get_user_accounts');
$authorization = "Authorization: Bearer access-token";
curl_setopt($ch, CURLOPT_HTTPHEADER, array($authorization));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
curl_close($ch);

Create a post:

// Create new post
$data = array(
    'body' => 'new post here', // string
    'title' => 'post title', // string
    'datetime' => 'year-month-day hour:minutes:seconds', // Scheduled time
    'current_time' => 'year-month-day hour:minutes:seconds', // Current user time
    'image' => 'image source',
    'accounts' => 'array with accounts ids',
);

$ch = curl_init('http://www.yourwebsite.com/rest-app/posts/create_post');
$authorization = "Authorization: Bearer access-token";
curl_setopt($ch, CURLOPT_HTTPHEADER, array($authorization));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$response = curl_exec($ch);
curl_close($ch);

Videos aren’t supported.

The API accepts data submitted via POST. To make this work, add the following to config.php:

$config['csrf_exclude_uris'] = array('bots/inbox', 'oauth2/token', 'rest-app/posts/delete_post', 'rest-app/posts/get_user_accounts', 'rest-app/posts/create_post');

If you don’t have the inbox, add only this:

$config['csrf_exclude_uris'] = array('oauth2/token', 'rest-app/posts/delete_post', 'rest-app/posts/get_user_accounts', 'rest-app/posts/create_post');