SOLVED: See posts #4 and #5
The call to api.init generates the required access token, client id, secret, and api version, but the call to user.save is returning an no_permission error.
Using vBCloud 5.6.0
Here's the code snippet to api.init:
PHP Code:
$requestparams = array(
'api_m' => 'api.init',
'clientname' => 'Client',
'clientversion' => '1.0',
'platformname' => 'Platform',
'platformversion' => '1.0',
'uniqueid' => 'XXXX'
);
// cURL
$url = 'https://myforum.com/api.php';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($ch);
curl_close($ch);
$curl_response_array = json_decode($curl_response,true);
// API
$apiaccesstoken = $curl_response_array['apiaccesstoken'];
$apiclientid = $curl_response_array['apiclientid'];
$apisecret = $curl_response_array['secret'];
$apiversion = $curl_response_array['apiversion'];
And the call to api.save:
PHP Code:
// User
$user = array(
'username' => "Test",
'email' => "test@test.com",
'usergroupid' => "14"
);
// Sort GET params by key
ksort($user);
// The HTTP GET params for an API method
// (without api related params except api_m. see below)
$requestparams = array(
'api_m' => 'user.save',
'userid' => '0',
'password' => '123',
'user' => $user,
'options' => '',
'adminoptions' => '',
'userfield' => ''
);
// Sort GET params by key
ksort($requestparams);
// The correct signature is the md5 value of $data + accesstoken + clientid + secret + apikey
// (all can be fetched from api_init except apikey
// -- this is a value specific to the vB site you are trying to connect to and can be found in the admincp)
$requestparams_string = http_build_query($requestparams);
$apisignature = md5($requestparams_string.$apiaccesstoken.$apiclientid.$apisecret.$apikey);
$requestparams['api_s'] = $apiaccesstoken;
$requestparams['api_sig'] = $apisignature;
$requestparams['api_v'] = $apiversion;
// cURL
$url = 'https://myforum.com/api.php';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($ch);
curl_close($ch);
$curl_response_array = json_decode($curl_response,true);
Here's the generate query string for the api.save call (I've replaced the hash strings with XXX):
HTML Code:
adminoptions=&api_m=user.save&options=&password=123&user%5Bemail%5D=test%40test.com&user%5Busergroupid%5D=14&user%5Busername%5D=Test&userfield=&userid=0&api_s=XXX&api_sig=XXX&api_v=560
Adding api_c to the user.save method call generates in invalid_api_signature. Otherwise, it's a no_permission error. Also tried logging in as administrator before creating a user and still got the no_permission error.
There's very little documentation on the API, any help would be appreciated?
Thanks