Loading...
 
Skip to main content

History: API

Preview of version: 39

API

Since Tiki24 an API has been available, leveraging swagger-api/swagger-ui

First commit: https://gitlab.com/tikiwiki/tiki/-/merge_requests/1028

Tiki 27+

Significant updates made in Tiki 27, particularly to support IoT deployments, enhancing and adding support for:

  • Trackers
  • File galleries

Tiki 24+

A self-documented REST API is available since Tiki 24. This new feature is exposing the most commonly used elements of the system, notably:

  • Categories
  • Comments
  • Groups
  • Search
  • Trackers
  • Translation
  • Users
  • and Wiki


To start using Tiki API, you may need to refer to this documentation which details its endpoints.

Requirements

.htaccess file must be enabled to make the /api/ URL work, which is standard practice to have SEFURLs.

Getting Started

Enable the preference auth_api_tokens via the admin page.

 Enable API access

In the Control Panel, the screenshot below shows how to enable auth_api_tokens labeled as API access:

  • Check the box "API access"
  • Click "Apply" to save your choice.
Enable API access
Enable API access

Documentation

The Documentation is embedded in Tiki. See /api/ on your target Tiki 24+ installation for an OpenAPI 3.0 documentation of the API.

 Documentation page

For example, let's assume that your Tiki 24+ instance is installed on https://example.org, then the page under https://example.org/api/ should look alike:

Tiki API Documentation
API Documentation page

Example: Let's GET the API version

GET/version Request

Assuming example.org has API feature enabled, this code snippet,

Copy to clipboard
$ curl --request GET 'http://example.org/api/version'

Should return the following output as reponse:

Copy to clipboard
{ "version": "24.1vcs" }

See GET/version reference in documentation.

Authorization

API requests should be authenticated with a token created by Tiki admin (via Admin -> Security tab). Each token gives their owner access with one and only one Tiki user. Permissions configuration is then based on that Tiki user's groups.

 Authorization token

Bearer token authorization header in format:

Copy to clipboard
Authorization: Bearer TOKEN

Tokens can be created in two ways:

  1. Using Tiki OAuth 2.0 server. The documentation contains endpoints and parameters for different grant types.
  2. Manually, in the Control Panel via Admin -> Security tab. Each token is associated with a user. Any API call using the token will act as the user observing all user's permissions.
Create token
Using Tiki as OAuth 2.0 server or Create a user token

OAuth 2.0 Server

OAuth 2 provides authorization flows for third-party applications.

 Tiki can act as an OAuth server.

In the Control Panel, Admin -> Security tab has a link to manage authenticated clients. This section creates client IDs and secrets for web, desktop or mobile applications using Tiki API.

Authorization flow can be:

  1. Machine-to-machine - use client authorization grant type. Send your credentials directly to access_token endpoint to retrieve the access token.
  2. End-user-to-machine - use auth flow grant type. Start by sending the user to authorize endpoint. This allows Tiki to ask target user for permission to grant access token with their user privileges. Once agreed, user is redirected back to your app/web app/machine where you do a machine-to-machine request to access_token endpoint to get the actual access token.

Access tokens generated by Tiki OAuth server are JWT encoded.

Tiki Restful API Coverage

CRUD operations(Create, Read, Update and Delete) are available for Category, Comments, Groups, Trackers/Fields/Items, Users and Wiki pages.
The endpoints include:

  1. Authorization flow.
  2. API version.
  3. Category: Object categorization and and CRUD.
  4. Comments: Thread locking, moderation and CRUD.
  5. Groups: User association and CRUD.
  6. Search index rebuild and lookup.
  7. Trackers/Fields/Items: Special features like dump/export, clone, duplicate, clear and CRUD.
  8. Manage object translations.
  9. User registration and CRUD operations, messaging and emailing wiki pages.
  10. Wiki pages: Locking and parsing/display and CRUD.

Major items in wishlist for next versions of the API:

  1. Files and file galleries.
  2. Articles, blogs, other wiki-related elements.
  3. Calendars.

See all the references in the documentation.
Example Tracker API usage with JavaScript here https://dev.tiki.org/API-Access-Example.

Pre-Tiki 24 notes

[+]

Aliases

History

Advanced
Information Version
Geoff Brickell 45
Geoff Brickell 44
Marc Laporte 43
Geoff Brickell 42
Geoff Brickell 41
Geoff Brickell 40
Geoff Brickell 39
Merci Jacob 38
Merci Jacob Correct preference inconsistency 37
Jonny Bradley example added 36
Marc Laporte 35
luciash d' being 🧙 requirements: .htaccess must be enabled 34
Marcellin Wabo 33
Marcellin Wabo 32
Marcellin Wabo 31
Marcellin Wabo 30
Marcellin Wabo 29
Marc Laporte 28
Marcellin Wabo Add documentation link at the end of "Coverage" paragraph. 27
Marcellin Wabo 26
Marcellin Wabo 25
Marcellin Wabo 24
Marcellin Wabo 23
Marcellin Wabo 22
Marcellin Wabo 21
Marcellin Wabo 20
Marcellin Wabo 19
Marcellin Wabo 18
Marcellin Wabo 17
Marcellin Wabo 16
Marcellin Wabo 15
Marcellin Wabo 14
Marcellin Wabo 13
Marcellin Wabo 12
Victor Emanouilov 11
Marc Laporte 10
Marc Laporte 9
Marc Laporte 8
Bernard Sfez / Tiki Specialist 7
Bernard Sfez / Tiki Specialist Adding child pages to give more example to users 6
Jean-Marc Libs 5
Marc Laporte 4
Marc Laporte 3
Marc Laporte 2
Marc Laporte 1