History: API
Preview of version: 34
API
Tiki24 has an API, leveraging swagger-api/swagger-ui
First commit: https://gitlab.com/tikiwiki/tiki/-/merge_requests/1028
Tiki 24+
A self-documented REST API is available since Tiki 24. This new feature is exposing the most commonly used elements of the system, notably:
- Categories
- Comments
- Groups
- Search
- Trackers
- Translation
- Users
- and Wiki
To start using Tiki API, you may need to refer to this documentation which details its endpoints.
Requirements
.htaccess
file must be enabled to make the /api/
URL work!
Getting Started
Enable API access via Admin -> Security tab.
Documentation
The Documentation is embedded in Tiki. See /api/
on your target Tiki 24+ installation for an OpenAPI 3.0 documentation of the API.
For example, let's assume that your Tiki 24+ instance is installed on https://example.org
, then the page under https://example.org/api/
should look alike:
Example: Let's GET
the API version
GET/version Request
Assuming example.org
has API feature enabled, this code snippet,
$ curl --request GET 'http://example.org/api/version'
Should return the following output as reponse:
{ "version": "24.1vcs" }
See GET/version reference in documentation.
Authorization
API requests should be authenticated with a token created by Tiki admin (via Admin -> Security tab). Each token gives their owner access with one and only one Tiki user. Permissions configuration is then based on that Tiki user's groups.
Bearer token authorization header in format:
Authorization: Bearer TOKEN
Tokens can be created in two ways:
- Using Tiki OAuth 2.0 server. The documentation contains endpoints and parameters for different grant types.
- Manually, in the Control Panel via Admin -> Security tab. Each token is associated with a user. Any API call using the token will act as the user observing all user's permissions.
OAuth 2.0 Server
OAuth 2 provides authorization flows for third-party applications.
In the Control Panel, Admin -> Security tab has a link to manage authenticated clients. This section creates client IDs and secrets for web, desktop or mobile applications using Tiki API.
Authorization flow can be:
- Machine-to-machine - use client authorization grant type. Send your credentials directly to access_token endpoint to retrieve the access token.
- End-user-to-machine - use auth flow grant type. Start by sending the user to authorize endpoint. This allows Tiki to ask target user for permission to grant access token with their user privileges. Once agreed, user is redirected back to your app/web app/machine where you do a machine-to-machine request to access_token endpoint to get the actual access token.
Access tokens generated by Tiki OAuth server are JWT encoded.
Tiki Restful API Coverage
CRUD operations(Create, Read, Update and Delete) are available for Category, Comments, Groups, Trackers/Fields/Items, Users and Wiki pages.
The endpoints include:
- Authorization flow.
- API version.
- Category: Object categorization and and CRUD.
- Comments: Thread locking, moderation and CRUD.
- Groups: User association and CRUD.
- Search index rebuild and lookup.
- Trackers/Fields/Items: Special features like dump/export, clone, duplicate, clear and CRUD.
- Manage object translations.
- User registration and CRUD operations, messaging and emailing wiki pages.
- Wiki pages: Locking and parsing/display and CRUD.
Major items in wishlist for next versions of the API:
- Files and file galleries.
- Articles, blogs, other wiki-related elements.
- Calendars.
See all the references in the documentation.