Derpibooru
Filters (Default) SettingsRegisterLogin

A couple API questions

Site and Policy » A couple API questions Search Posts
Started by Angius
Posted
6 replies
Subscribe
Angius

The Ponut Eater
I’m currently working on a desktop viewer for Derpibooru (Repo), and pretty much everything works, except a few things I couldn’t find in the docs:
 
  1. Is there any API call to send user login and password, and receive token in return? Not everyone knows where (or even what) the token is, but everyone knows what “login/password” textfields will do.  
  2. Are there any API calls for upvoting/downvoting the current image?  
  3. Similarly, is there one for favouriting it?  
  4. Any way to get and add comments through the API?
     
    And right now that’s about it. If I have any more questions, I’ll probably add them in this topic.
Posted Report
Angius

The Ponut Eater
@Background Pony #A5C5  
At a glance, up- and downvoting, as well as faving, require you to be logged in. The network panel doesn’t tell me how to send the token (or if token can even be used for authorization, for that matter). I see a cookie and a token that looks nothing like the regular user token being used for the request, but that’s about it.
Posted Report
Edited
Background Pony #6F0A
With fave and vote interactions, I think you can send the token in the key field (see Accessing the API section). The network panel should tell you the rest.
 
If you have the user give you their email and password, you might as well masquerade as a browser, fill in the login form, capture the cookies, navigate to the account page, and parse the token out.
Posted Report
Angius

The Ponut Eater
full  
There’s something I’m missing, or calls from resttest.com are blocked by Derpibooru. Managed to pull the endpoint url from DeliciousBlackLink’s abandoned Android app’s code, and it also seems that the parameters I’m passing were being passed by that app as well. Nevertheless, I’m getting HTTP 0 error.  
I’ll try changing the endpoint to be similar to how the documented endpoints look, maybe they’re changed.
Posted Report
Edited
Angius

The Ponut Eater
Update: Insomnia (an application for sending REST requests, not the medical condition lol) finally gives me something to work with, the error is Invalid or missing CSRF token, so it’s all about the cookies.
Posted Report
Edited
Angius

The Ponut Eater
Update: So I managed to get some cookies by parsing the login page with Xpath and sending a POST request, but they don’t seem to be the right kind, as trying to upvote posts with them passed in header results in 403 Forbidden.
 
The good thing is, we all can sleep safely knowing, that Derpibooru is secure as fuck. Or at least secure enough for me to not be able to do anything besides what the public API allows.
 
The bad thing is, well, I’m not able to do anything besides what the public API allows. And it’s pretty much limited to fetching stuff only, so no upvoting, no downvoting, no adding to favourites, nothing of the sorts.
Posted Report
Interested in advertising on Derpibooru? Click here for information!
My Little Ties crafts shop

Help fund the $15 daily operational cost of Derpibooru - support us financially!

Edit Preview
Syntax quick reference: **bold** *italic* ||hide text|| `code` __underline__ ~~strike~~ ^sup^ %sub%

Detailed syntax guide