Yepp, api docs are really bad. Solution is the security token getting by login call.
Following example works in my local xammp dev enviroment. I've used loginSpecificUser but also login2 is possible. After login fetchCurrentUserinfo and get username (to check if correct login) and securitytoken.
After that an example for adding an post and adding a user.
You need to change apikey, urlapibase, userid and password for userid
PHP Code:
<?php
$requestparams = array(
'api_m' => 'api.init',
'clientname' => 'Muschebuhbuh',
'clientversion' => '1.0',
'platformname' => 'Muschebuhbuh',
'platformversion' => '1.0',
'uniqueid' => 'test123'
);
$urlapibase = 'http://localhost/forum/api.php'; //replace with your url, but don't use .../core/api.php
// cURL
$url = $urlapibase;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($ch);
curl_close($ch);
$curl_response_array = json_decode($curl_response, true);
// API
$apiaccesstoken = $curl_response_array['apiaccesstoken'];
$apiclientid = $curl_response_array['apiclientid'];
$apisecret = $curl_response_array['secret'];
$apiversion = $curl_response_array['apiversion'];
$apikey = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; //replace with your generated api key from admincp
echo '-------------- first init -----------------';
echo 'apiaccesstoken : ';
var_dump($apiaccesstoken);
//echo 'curl_response_array : ';
//var_dump($curl_response_array2);
// you can use also user.login or user.login2, but with other params
$requestparams = array(
'api_m' => 'user.loginSpecificUser',
'userid' => 1, // change userid for login
'passwords' => array(
'password' => 'xxxxxxx', // password for userid
'md5password' => md5('xxxxx'), //same password
'md5password_utf' => ''
),
'extraAuthInfo' => array(
'mfa_authcode' => ""
),
'logintype' => 'cplogin'
);
ksort($requestparams);
$requestparams_string = http_build_query($requestparams);
$url = $urlapibase.'?'.$requestparams_string;
$apisignature = md5($requestparams_string.$apiaccesstoken.$apiclientid.$apisecret.$apikey);
$requestparams['api_s'] = $apiaccesstoken;
$requestparams['api_sig'] = $apisignature;
$requestparams['api_v'] = $apiversion;
$requestparams['api_c'] = $apiclientid;
// cURL
define("COOKIE_FILE", "cookie.txt");
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIE_FILE);
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIE_FILE);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($ch);
$curl_response_array = json_decode($curl_response, true);
curl_close($ch);
$remember_me = $curl_response_array['password'];
$sessionhash = $curl_response_array['sessionhash'];
$cpsession = $curl_response_array['cpsession'];
echo '-------------- login user -----------------';
echo 'curl_response_array : ';
var_dump($curl_response_array);
// echo 'remember_me : ';
// var_dump($remember_me);
// echo 'sessionhash : ';
// var_dump($sessionhash);
// echo 'cpsession : ';
// var_dump($cpsession);
// fetch User Info
$requestparams = array(
'api_m' => 'user.fetchCurrentUserinfo'
);
ksort($requestparams);
$url = $urlapibase.'?'.http_build_query($requestparams);
$requestparams_string = http_build_query($requestparams);
$apisignature = md5($requestparams_string.$apiaccesstoken.$apiclientid.$apisecret.$apikey);
$requestparams['api_s'] = $apiaccesstoken;
$requestparams['api_sig'] = $apisignature;
$requestparams['api_v'] = $apiversion;
$requestparams['api_c'] = $apiclientid;
// cURL
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$curl_response = curl_exec($ch);
$information = curl_getinfo($ch);
curl_close($ch);
$curl_response_array = json_decode($curl_response, true);
echo '--------------- fetch user info ----------------';
//echo 'header information : ';
//var_dump($information);
//echo 'curl_response_array : ';
//var_dump($curl_response_array);
echo 'username : (should be the logged in username)';
var_dump($curl_response_array['username']);
echo 'securitytoken : ';
var_dump($curl_response_array['securitytoken']);
$securitytoken = $curl_response_array['securitytoken'];
// Content add
$requestparams = array(
'api_m' => 'content_text.add',
'data' => array(
'rawtext' => "Content for Content_Title 14",
'title' => "Content_Title 14",
'parentid' => 3,
'userid' => 1
),
'options' => array()
);
ksort($requestparams);
$url = $urlapibase.'?'.http_build_query($requestparams);
$requestparams_string = http_build_query($requestparams);
$apisignature = md5($requestparams_string.$apiaccesstoken.$apiclientid.$apisecret.$apikey);
$requestparams['api_s'] = $apiaccesstoken;
$requestparams['api_sig'] = $apisignature;
$requestparams['api_v'] = $apiversion;
$requestparams['api_c'] = $apiclientid;
$requestparams['securitytoken'] = $securitytoken;
// cURL
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$curl_response = curl_exec($ch);
$information = curl_getinfo($ch);
curl_close($ch);
$curl_response_array = json_decode($curl_response, true);
echo '------------ content add -------------------';
//echo 'header information : ';
//var_dump($information);
echo 'curl_response_array : ';
var_dump($curl_response_array);
// User
$user = array(
'username' => "Test4",
'email' => "test4@test.com",
'usergroupid' => "2"
);
ksort($user);
$requestparams = array(
'api_m' => 'user.save',
'userid' => '0',
'password' => '123',
'user' => $user,
'options' => '',
'adminoptions' => '',
'userfield' => ''
);
ksort($requestparams);
$url = $urlapibase.'?'.http_build_query($requestparams);
$requestparams_string = http_build_query($requestparams);
$apisignature = md5($requestparams_string.$apiaccesstoken.$apiclientid.$apisecret.$apikey);
$requestparams['api_s'] = $apiaccesstoken;
$requestparams['api_sig'] = $apisignature;
$requestparams['api_v'] = $apiversion;
$requestparams['api_c'] = $apiclientid;
$requestparams['securitytoken'] = $securitytoken;
// cURL
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$curl_response = curl_exec($ch);
$information = curl_getinfo($ch);
curl_close($ch);
$curl_response_array = json_decode($curl_response, true);
echo '------------ add user -------------------';
//echo 'header information : ';
//var_dump($information);
echo 'curl_response_array : ';
var_dump($curl_response_array);