API

Tiki24 now has an API, leveraging swagger-api/swagger-ui

First commit: https://gitlab.com/tikiwiki/tiki/-/merge_requests/1028

Tiki 24+

A self-documented REST API has been added to Tiki 24 exposing the (arguably) most commonly used elements of the system.

Getting Started

Enable API access via Admin -> Security tab.

 Enable API access

In the Control Panel, the screenshot below shows how to enable API access:

• Check the box "API access"
• Click "Apply" to save your choice.

Enable API access

Documentation

The API Documentation is embedded Tiki. See /api/ on your target Tiki 24+ installation for an OpenAPI 3.0 documentation of the API.

 Documentation page

For example, let's assume that your Tiki 24+ instance is installed on https://yourtiki.xyz, then the page under https://yourtiki.xyz/api/ should look alike:

API Documentation page

Example: Let's GET the current Tiki version

GET/version Request

• Parameters: No parameters
• Type: application/json
• Code snippet (assuming yourtiki.xyz has API feature enabled).

Copy to clipboard

$ curl --request GET 'http://yourtiki.xyz/api/version'

Responses

• Value:

Copy to clipboard

{
  "version": "24.1vcs"
}

Authorization

API requests should be authenticated with a token created by Tiki admin (via Admin -> Security tab). Each token gives their owner access with one and only one Tiki user. Permissions configuration is then based on that Tiki user's groups.

Authorization: Bearer TOKEN

Tokens can be created in two ways:
1. Manually via Admin -> Security tab. Each token is associated with a user. Any API call using the token will act as the user observing all user's permissions.
2. Using Tiki OAuth 2.0 server. Documentation under /api/ on your target Tiki contains endpoints and parameters for different grant types.

OAuth 2.0 Server

Tiki can act as an OAuth server. Admin -> Security tab has a link to manage authenticated clients. This section creates client IDs and secrets for 3rd party apps using Tiki API. Authorization flow can be:
1. Machine-to-machine - use client authorization grant type. Send your credentials directly to access_token endpoint to retrieve the access token.
2. End-user-to-machine - use auth flow grant type. Start by sending the user to authorize endpoint. This allows Tiki to ask target user for permission to grant access token with their user privileges. Once agreed, user is redirected back to your app/web app/machine where you do a machine-to-machine request to access_token endpoint to get the actual access token.
Access tokens generated by Tiki OAuth server are JWT encoded.

Coverage

API endpoints include:
1. Authorization flow.
2. API version.
3. Category CRUD + object categorization.
4. Comments CRUD + thread locking and moderation.
5. Groups CRUD + user association.
6. Search index rebuild and lookup.
7. Trackers/Fields/Items CRUD + special features like dump/export, clone, duplicate, clear.
8. Manage object translations.
9. User registration and CRUD operations, messaging and emailing wiki pages.
10. Wiki pages CRUD, locking and parsing/display.

Major items still to be added:
1. Files and file galleries.
2. Articles, blogs, other wiki-related elements.
3. Calendars.
...todo

Pre-Tiki 24 notes

Aliases

• service URL
• URL arguments