Free API Client packages
Rate limit
120 requests per minute (0.5 seconds delay between requests).
If you exceed the limit, the response code 429 will be returned to you.
Token configuration
You can pass the token as a query parameter or in the request headers
- Query parameter: oauth_token=*token*
- Header: Authorization: "Bearer *token*"
Discoverability
System information and availability can be determined by sending a GET request to / (index route). A list of resources will be returned. If the request is authenticated, the revisions of API system and installed modules will also made available for further inspection.
Status codes
| Code | Name | Description |
|---|---|---|
| 200 | OK | The request was successfully completed. |
| 400 | Bad Request | The request is invalid due to client error. |
| 401 | Unauthorized | Authentication is required. |
| 403 | Forbidden | You do not have permission to view this page or perform this action. |
| 429 | Too Many Requests | Too many requests in a short period. |
| 500 | Internal Server Error | An internal server error occurred, try again later or report it here. |
| 502 | Bad Gateway | The gateway encountered an error while processing the request, try again later. |
| 503 | Service Unavailable | The server is temporarily unavailable, try again later. |
| 504 | Gateway Timeout | The gateway timed out waiting for a response, try again later. |
Common Parameters
i18n
All API requests accept locale parameter to switch user facing messages to specified language. The value must be a valid language code (ISO 639-1) with optional inclusion of a valid country code (ISO 3166-1 alpha 2) separated by a hyphen ("-"). If no complete match can be found, a language with the same language code (even with different country code) will be used. In the worst case that there are no installed languages of requested language code, the default language will be used. Since api-2015100401.
Fields filtering
For API method with resource data like a forum or a thread, the data can be filtered to get interested fields only. The general format is "key.sub_key.deep_key" if you want to include/exclude a specific field. The including rules take precedence over excluding ones.
- fields_include: comma-separated list of fields of a resource. For additional fields, it is possible to use wildcard (*) to include all default fields before specifying additional ones.
- fields_exclude: comma-separated list of fields of a resource to exclude in the response. Since r2016062001, it is possible to use wildcard as a prefix (e.g. "*.key") to exclude the field everywhere.
Resource ordering
For API method with list of resources, the resources can be ordered differently with the parameter order. List of supported orders will be specified for each method. The default order will always be natural. Most of the time, the natural order is the order of which each resource is added to the system (resource id for example).
Encryption
For sensitive information like password, encryption can be used to increase data security. For all encryption with key support, the client_secret will be used as the key. List of supported encryptions:
- aes128: AES 128 bit encryption (mode: ECB, padding: PKCS#7). Because of algorithm limitation, the binary md5 hash of key will be used instead of the key itself.
Headers
- Api-Bb-Code-Chr: !youtube: Replace multimedia tags (except youtube) in bbcode html with tools/chr link. Since forum-2018100301.
- Api-Username-Inline-Style: Return rich username for username fields. Since forum-2018052101.
Content-Type
API always returns the response as application/json (With few exceptions).
You should send requests to API with application/json or application/x-www-form-urlencoded content type.
You can import the API into Postman using this file.