History: API
Source of version: 43
Copy to clipboard
! API
Since ((Tiki24)) an API has been available, leveraging [https://packagist.org/packages/swagger-api/swagger-ui|swagger-api/swagger-ui]
See it in action here: https://doc.tiki.org/api/
First commit: https://gitlab.com/tikiwiki/tiki/-/merge_requests/1028
!! Tiki 27+
Significant updates made in ((Tiki27)), particularly to support Internet of Things (IoT) deployments, enhancing and adding support for:
* Trackers
* File galleries
More detail on the use of the API for IoT deployment can be found [https://dev.tiki.org/Internet-of-Things|here].
!! Tiki 24+
A self-documented REST API is available since Tiki 24. This new feature is exposing the most commonly used elements of the system, notably:
* Categories
* Comments
* Groups
* Search
* Trackers
* Translation
* Users
* and Wiki
To start using Tiki API, you may need to refer to this [https://doc.tiki.org/api/|documentation] which details its endpoints.
!!! Requirements
-+.htaccess+- file must be enabled to make the -+/api/+- URL work, which is standard practice to have ((SEFURLs)).
!!! Getting Started
Enable the preference -+auth_api_tokens+- via the admin page.
{REMARKSBOX(type="tip" title="Enable API access" close="n" store_cookie="n")}
In the Control Panel, the screenshot below shows how to enable -+auth_api_tokens+- labeled as API access:
* Check the box "API access"
* Click "Apply" to save your choice.
{img src="display2014" link="display1824" width="555" rel="box[g]" desc="Enable API access" styleimage="border" alt="Enable API access"}
{REMARKSBOX}
!!! Documentation
The Documentation is embedded in Tiki. See -+/api/+- on your target Tiki 24+ installation for an [https://doc.tiki.org/api/|OpenAPI 3.0 documentation] of the API.
{REMARKSBOX(type="tip" title="Documentation page" close="n" store_cookie="n")}
For example, let's assume that your Tiki 24+ instance is installed on -+https://example.org+-, then the page under -+https://example.org/api/+- should look alike:
{img src="display1823" link="display1823" width="555" rel="box[g]" desc="API Documentation page" styleimage="border" alt="Tiki API Documentation"}
!!!! Example: Let's -+GET+- the API version
__GET/version Request__
Assuming -+example.org+- has API feature enabled, this code snippet,
{CODE(theme="default")}$ curl --request GET 'http://example.org/api/version'{CODE}
Should return the following output as reponse:
{CODE()}{
"version": "24.1vcs"
}{CODE}
{REMARKSBOX}
See [https://doc.tiki.org/api/#/default/get_version|GET/version reference] in documentation.
!!! Authorization
API requests should be authenticated with a token created by Tiki admin (via Admin -> Security tab). Each token gives their owner access with one and only one Tiki user. ((Permissions)) configuration is then based on that Tiki ((User Groups|user's groups)).
{REMARKSBOX(type="tip" title="Authorization token" close="n" store_cookie="n")}
Bearer token authorization header in format:
{CODE()}Authorization: Bearer TOKEN{CODE}
{REMARKSBOX}
!!!! Tokens can be created in two ways:
{DIV(class=uol)}
# Using Tiki OAuth 2.0 server. The documentation contains endpoints and parameters for different grant types.
# Manually, in the Control Panel via Admin -> Security tab. Each token is associated with a user. Any API call using the token will act as the user observing all user's permissions.
{DIV}
{img src="display1825" link="display1825" width="555" rel="box[g]" desc="Using Tiki as OAuth 2.0 server or Create a user token" styleimage="border" alt="Create token"}
!!! OAuth 2.0 Server
[https://oauth.net/2/|OAuth 2] provides authorization flows for third-party applications.
{REMARKSBOX(type="tip" title="Tiki can act as an OAuth server." close="n" store_cookie="n")}
In the Control Panel, Admin -> Security tab has a link to manage authenticated clients. This section creates client IDs and secrets for web, desktop or mobile applications using Tiki API.
{REMARKSBOX}
Authorization flow can be:
{DIV(class=uol)}
# Machine-to-machine - use client authorization grant type. Send your credentials directly to access_token endpoint to retrieve the access token.
# End-user-to-machine - use auth flow grant type. Start by sending the user to authorize endpoint. This allows Tiki to ask target user for permission to grant access token with their user privileges. Once agreed, user is redirected back to your app/web app/machine where you do a machine-to-machine request to access_token endpoint to get the actual access token.
Access tokens generated by Tiki OAuth server are JWT encoded.
{DIV}
!!! Tiki Restful API Coverage
[https://en.wikipedia.org/wiki/Create,_read,_update_and_delete|CRUD operations](Create, Read, Update and Delete) are available for Category, Comments, Groups, Trackers/Fields/Items, Users and Wiki pages.
The endpoints include:
{DIV(class=uol)}
# Authorization flow.
# API version.
# Category: Object categorization and and CRUD.
# Comments: Thread locking, moderation and CRUD.
# Groups: User association and CRUD.
# Search index rebuild and lookup.
# Trackers/Fields/Items: Special features like dump/export, clone, duplicate, clear and CRUD.
# Manage object translations.
# User registration and CRUD operations, messaging and emailing wiki pages.
# Wiki pages: Locking and parsing/display and CRUD.
{DIV}
Major items in wishlist for next versions of the API:
{DIV(class=uol)}
# Files and file galleries (added in Tiki27)
# Articles, blogs, other wiki-related elements.
# Calendars.
{DIV}
See all the references in the [https://doc.tiki.org/api/|documentation].
Example Tracker API usage with JavaScript here [https://dev.tiki.org/API-Access-Example].
!!- Pre-Tiki 24 notes
Tiki can support wiki page updates (or data for most features in Tiki) by setting up ((data channels)) at this time. Adding a ((web service)) call to do it more directly would not be very hard so you can join in and ((dev:get your commit access))!
From tiki-admin.php, you can activate: "HTTP Basic Authentication: Check credentials from HTTP Basic Authentication, useful to allow webservices to use credentials." Related: ((Token Access))
!!! Use of Tiki services
Tiki's services live in -+lib/core/Services/+-. One can extrapolate the service URL from the file names and the names of the classes in the -+Controller.php+- files.
This only works if you have activated SEFURL feature.
Example:
For accessing information which is also available from searches in the Tiki site, the class is -+action_lookup()+- in file -+lib/core/Services/Search/Controller.php+-.
The path on tiki.org is: [https://tiki.org/tiki-search-lookup]
To refine the search, the arguments are the same as for [https://doc.tiki.org/PluginList-filter-control-block]
For example, in order to access the 45 first items from tracker 22, the syntax would be:
[https://tiki.org/tiki-search-lookup?filter~type=trackeritem&filter~tracker_id=22&maxRecords=45]
This works fine if called as ajax services from a page on the same Tiki.
If done from outside Tiki from another online server, only data visible for ''anonymous user'' (not logged in) will be shown.
In order to access data which is not visible to ''anonymous'' user, you may want to have a look at [https://doc.tiki.org/Token-Access].
!!! Controller pages
Where you can find more specific information and samples for the different controllers
* ((API Tracker))
!! Aliases
* (alias(service URL))
* (alias(URL arguments))