Hello,

We've been trying to use the vBulletin API and have spent hours attempting to successfully keep a user logged in to no avail This is very frustrating because the documentation on and vBulletin support regarding the API is very limited.

We have managed to successfully login users via the API and receive (for example) the following information back:

[session] => Array
(
[dbsessionhash] => 9e0df97bb21240fc014418ede5e6c1bd
[userid] => 1


So we are able to successfully login a user. However, we do not know and have not been able to figure out how to KEEP the user logged in for each subsequent API call / request for that user.

Specifically, we are referring to this (very vague) part of the vBulletin API documentation help (found here: https://www.vbulletin.com/forum/content.php/368-Login-Logout-Process-Mobile-API):

"So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls."

Could anyone please be kind enough to dissect this paragraph for us and explain it in step-by-step detail so we can get this to work properly?

We are completely stuck at this point and it's so frustrating because we've gotten everything else to work perfectly with the API.

Please let us know and thank you so much! We really appreciate it! :)

I don't have any experience with the api, but if you look at this page: https://www.vbulletin.com/forum/content.php/334-mobile-api the section titled "Request/Result Verification" seems to show some code for signing a request.

I don't have any experience with the api, but if you look at this page: https://www.vbulletin.com/forum/content.php/334-mobile-api the section titled "Request/Result Verification" seems to show some code for signing a request.Thanks, but we are already able to sign any and all API requests, we just don't know what we need to do to keep the user signed in for all subsequent requests and that paragraph we quoted in our OP is incredibly vague with no examples provided.

Anyone else?

When you call api_init, you get given an access token.


array (
'apiversion' => 4,
'apiaccesstoken' => '31e6c1ea1ae6eca7a538057781234567',
'bbtitle' => 'Test Forum',
'bburl' => 'http://www.xxxxxxx.org/vb/40a',
'bbactive' => 1,
'forumhome' => 'index',
'vbulletinversion' => '4.1.10',



You pass this in all other calls as 'api_s', this is the sessionhash for your user.


api_c = 2
api_m = private_messagelist
api_v = 4
api_s = 31e6c1ea1ae6eca7a538057781234567
api_sig = dab14537fd1bf42119a359ee6265fa0a
folderid=-1

When you call api_init, you get given an access token.


array (
'apiversion' => 4,
'apiaccesstoken' => '31e6c1ea1ae6eca7a538057781234567',
'bbtitle' => 'Test Forum',
'bburl' => 'http://www.xxxxxxx.org/vb/40a',
'bbactive' => 1,
'forumhome' => 'index',
'vbulletinversion' => '4.1.10',



You pass this in all other calls as 'api_s', this is the sessionhash for your user.


api_c = 2
api_m = private_messagelist
api_v = 4
api_s = 31e6c1ea1ae6eca7a538057781234567
api_sig = dab14537fd1bf42119a359ee6265fa0a
folderid=-1




Thanks for your assistance, Paul. However, we are already doing what you have outlined above. That's simply how to sign and execute any method with the API. We've already gotten that to work a long time ago, that isn't the problem here.

The problem is how to keep a user logged in AFTER you've run the login_login (https://www.vbulletin.com/forum/content.php/368-Login-Logout-Process-Mobile-API):) method. Specifically, this:
"So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls."


How do we do that?

That's simply how to sign and execute any method with the API. We've already gotten that to work a long time ago, that isn't the problem here.

The problem is how to keep a user logged in AFTER you've run the login_login (https://www.vbulletin.com/forum/content.php/368-Login-Logout-Process-Mobile-API):) method. Specifically, this:

How do we do that?
What I have told you is how its done.

When you create a session with api_init, and get the (session) accesstoken, the userid in the session table at that point is 0. Once you login correctly using the login_login method, that session userid is changed to x (your userid), so any future requests with that access token will run as userid x.

FYI, those details were taken direct from a sucessful session, where I logged in, and then checked the PM folder.

What I have told you is how its done.

When you create a session with api_init, and get the (session) accesstoken, the userid in the session table at that point is 0. Once you login correctly using the login_login method, that session userid is changed to x (your userid), so any future requests with that access token will run as userid x.



FYI, those details were taken direct from a sucessful session, where I logged in, and then checked the PM folder.


OK, let's dissect the paragraph we pasted earlier because something doesn't make sense to us.

Here is the paragraph:
"So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls."



Now let's dissect it one-by-one:
So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Do we need to do anything different with this new call to api_init once we have the "dbsessionhash" from method login_login? How does this new call to api_init know the user is logged in unless we pass something new to it (e.g. the "dbsessionhash" from login_login) ?



Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. Which "sessionhash" and "securitytoken" is it referring to specifically? Is "sessionhash" referring to the "dbsessionhash" we get from the login_login method or is it referring to something from api_init (if so, what specifically) ? What about the "securitytoken", is it referring to the "apiaccesstoken" we get from calling api_init again or something else (if so, what specifically) ?



After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls.How do we add this new "sessionhash" and "securitytoken" to a future API method call? Do we add them to the parameter array that already includes ("api_m" => [method name]) ? If so, what do we name the keys?



Please be as clear and specific as you can, and please provide examples where possible. This is very confusing but we are relieved to hear you actually got it to work! Thanks again for your assistance with this, we greatly appreciate it.

Hi,

I am facing similar problem. Did you get answer to this? Please help.
Once logged in using api when i am redirecting to activity.php url with s=sessionid, still it asks me to enter username and password. I expect it to land me in logged in page.

Regards

Was anyone able to fix this? I am facing the exact same thing