Publishing to Minds.com via 3rd party programs

[colin-stannard]

I'm reasonably new to minds.com, so apologies if this is an obvious question.

Is there any kind of web API or OAuth style authentication that allows a third party program to publish content to your Minds account on your behalf? If so, is there any documentation available? Or example code?

I was looking to produce a WordPress plugin (written in PHP) that would automatically post a short summary and link to a new blog post (when the blog is published on your WordPress site). Similar WordPress plugins are already available for platforms such as Facebook.

[ottman]

Hey Colin, this is something we've been talking about for some time. Would you be interested in a quick chat next week to discuss a plan with myself and @markharding ? Thanks for your interest!

[piraz]

It wold be great to add a generic API level so we can push from other sources. I have a diaspora pod and it would be great to publish from my profile to Minds.com.

I can do that to Twitter, Tumblr, Facebook and Wordpress.

If minds can offer this kind of functionality I can work on the diaspora side to provide this the new service.

Here is the issue regarding this functionality at the diaspora project: https://github.com/diaspora/diaspora/issues/7623.

[ottman]

That's coming for sure. Let's stay in touch. What's your Minds username?

[piraz]

My username is piraz.

[DoumanAsh]

Making myself a tool to post on multiple platforms, I'm curious whether there are any concrete plans for API? I hacked around gab.ai since they don't have API too, but if you're planning to introduce API eventually I would wait before emulating browser in my tool :D

P.s. looking at requests from browser to minds.com it seems to be pretty easy to post stuff though as it is through existing v1/ internal API

UPD: For these who are interested:

1. Upload media through https://www.minds.com/api/v1/media as multipart/form-data. You get response as json with field guid containing ID of uploaded image to use in API below.
2. Post through https://www.minds.com/api/v1/newsfeed with json that allows following fields: -- wire_threshold - no idea what is that. In normal posts it is null. -- message - text content of your post -- is_rich - it seems to be a flag: 0/1. Not sure what exactly is that. In normal posts it is 0. -- title - Title of post? IN normal posts a empty field. -- description - Description of post? In normal posts a empty field. -- thumbnail - Well in normal posts empty. -- url - No idea what kind of url. Empty in normal posts. -- attachment_guid - ID of attachment from /media -- mature - Flag 0 or 1. -- access_id - Emm... not sure? In my posts it is 2.

[DoumanAsh]

I know this is not exactly proper to use internal API, but what are requirements to access https://www.minds.com/api/v1/authenticate ? It seems to return ok when i supply my POST with username and password, but its response contains empty body(contrary to response in browser) and no cookies of login session. I tried to look into engine code, and I don't exactly see a reason why such response can be received... Though I admit I'm not well familiar with php.

[markharding]

Perhaps https://github.com/Minds/mobile/blob/master/src/app/common/services/api/oauth2.ts#L35 might be relevant? We use OAuth2 for out mobile apps. Right now its limited to just username/password, but for third parties we plan on developing a console.

[DoumanAsh]

To use oauth2 I would need to have some token. So for now my only option is to emulate browser and attempt to use api/v1/authenticate

[DoumanAsh]

@markharding Just wanted to re-check, you mentioned that it woulds with password/username but there are client specific info https://github.com/Minds/mobile/blob/master/src/app/common/services/api/oauth2.ts#L38-L39

Is it used or not?

UPD: Tried with empty client info and I can get access token! Thanks for pointing out OAuth2

[DoumanAsh]

I was able to add simple posting to my CLI tool(works also with gab.ai and twitter) https://github.com/DoumanAsh/fie - soon will make release.

[markharding]

I'm assuming this issue is resolved? Please let me know if not and I will re-open.

[belgaard]

This issue has been closed? Does that mean that we have a public API?

[Serkan-devel]

The docs aren't avilable, and I've heard something about API gees before

[DoumanAsh]

Docs are not available as Minds.com doesn't have public API, but no one stops you from using internal API.

P.s. You can use structure of message as reference in my code

[Serkan-devel]

*fees

[Serkan-devel]

(Source: https://github.com/Minds/policies/blob/master/Terms.md)

API fees.

Fees; Payment. By signing up for the Minds.com you agree to pay Minds the specified monthly fees in exchange for access to the feeds. Applicable fees will be invoiced starting from the day your access is established and in advance of using such services. Minds reserves the right to change the payment terms and fees upon thirty (30) days prior written notice to you. API access can be canceled by you at anytime on 30 days written notice to Minds.

It actually goes on

[ghost]

Docs are not available as Minds.com doesn't have public API, but no one stops you from using internal API.

@DoumanAsh are there any examples available to demonstrate available endpoints and usage?

[DoumanAsh]

@ashtonhogan If you're not afraid of Rust, you can check out my code for authentication, posting and image upload https://github.com/DoumanAsh/fie/blob/master/src/actors/minds.rs

[Serkan-devel]

@DoumanAsh does it still work?

[DoumanAsh]

Yes, they so far hasn't changed endpoints I think(or if changed, they added only optional fields) The API is basically JSON API so you can use your browser to verify if there are any changes to fields

[ghost]

@DoumanAsh did you happen to use postman, curl or some other plain request system to verify during the dev process by any chance? Would be great to see the raw requests if possible

[DoumanAsh]

no, I just used Firefox deb tools. They are sufficient enough to view all requests

[ghost]

@DoumanAsh it doesn't really make sense though, when you create a post there's a number of requests, headers and fields that aren't clear

[DoumanAsh]

@ashtonhogan The only header that matters is Authorization which should be set to Bearer <token> which is taken from response on auth request to https://www.minds.com/oauth2/token

Successful authorization returns response with json that contains free fields access_token, user_id and refresh_token The only thing you should care about is access_token as it should be includes in all other requests.

[ghost]

@DoumanAsh Thank you. The only token I see in the request is X-XSRF-TOKEN? I have to put my auth token as the value to this?

[DoumanAsh]

@ashtonhogan Browser, if I'm not mistaken, uses a bit different authorization. I relied on mobile app oauth2 endpoint so I use Authorization header to set token

[ghost]

@DoumanAsh It's unclear how Authorization comes into the picture.

Basically in order to post with an attachment there are two requests:

1. /api/v1/media - Requires cookie header
2. /api/v1/newsfeed - Requires cookie and x-xsrf-token headers as well as a json body.

The json body looks like this:

{
   "wire_threshold":null,
   "message":"Post content here",
   "is_rich":0,
   "title":"",
   "description":"",
   "thumbnail":"",
   "url":"",
   "attachment_guid":"123456789123456789",
   "mature":0,
   "access_id":2
}

If you execute these two requests with header values from a previous request, it re-executes the previous request instead of the current one. This could be due to reusing the attachment_guid field perhaps.

It seems that you may have to generate the cookie and x-xsrf-token header values yourself. This is the main challenge as I'm not sure how to do so.

Any help would be appreciated @markharding @ottman

[DoumanAsh]

@ashtonhogan Authorization header is used to verify user instead of how browser uses cookie and -x-xsrf-token

[ghost]

@DoumanAsh So it works if you substitute cookie with Authorization? If so, how did you go about generating your jwt? id, issuer, subject, ttl millis, secret should be? I'm assuming it's using HS256 signature algorithm?

I was looking for clues here: https://github.com/Minds/engine/blob/0bc53be994b51f804268005d397c42fa26695bd8/Core/Session.php#L133

[DoumanAsh]

@ashtonhogan You need to send json to https://www.minds.com/oauth2/token with following fields:

grant_type: "password",
client_id: "",
client_secret: "",
username: <your_username>,
password: <your_password>,

and get token from response

[ghost]

@DoumanAsh Thanks, for the most part it's working now but have you ever come across this error by any chance? {"status":"error","message":"Unknown entity type: "}

[DoumanAsh]

Not sure? I never had such error

[ghost]

@markharding any ideas what causes this response?

{"status":"error","message":"Unknown entity type: "}

If you trace usages of:

https://github.com/Minds/engine/blob/0bc53be994b51f804268005d397c42fa26695bd8/Core/Media/Factory.php#L19

It seems to stem from: https://github.com/Minds/engine/blob/0bc53be994b51f804268005d397c42fa26695bd8/Entities/Video.php#L116

Where $this->cinemr_guid is not set to Image or Video but not sure where in my request to set that, in the headers or body or what?

@DoumanAsh have you got a plain curl, postman or other http client sample that can demonstrate a working request to /api/v1/media by any chance?

[ghost]

@markharding @DoumanAsh Update:

if you point to /api/v1/media/video instead then the error changes from:

{"status":"error","message":"Unknown entity type: "}

to:

{"status":"error","message":"Sorry, only strings and stream resource are accepted"}

[ghost]

Bump

[DoumanAsh]

@ashtonhogan

I would check how browser sends the data, I never worked with this endpoint. Most likely you send it in incorrect format or video format is unsupported.

[ghost]

@DoumanAsh it works with cookie header instead of Authorization so it can't be an unsupported format. The problem with cookie, is that it expires and uploads the previous video.

[markharding]

Checkout how mobile does it here -> https://github.com/Minds/mobile-native/blob/master/src/newsfeed/Poster.js#L128

Also for reference https://github.com/Minds/mobile-native/blob/master/src/common/services/api.service.js#L168.

Hope this helps

[ghost]

@markharding Sorry, I don't understand. I'm trying to upload a video to:

/api/v1/media

and I keep getting this error:

{"status":"error","message":"Unknown entity type: "}

Do you have a postman collection that you can share by any chance? I don't understand what the API wants. I saw you have swagger but it's currently not working either.

[markharding]

Yes, mobile is doing the exact same thing so I would look at that for the best implementation of this api.

[ghost]

@markharding I had a look at the links you sent. Not sure I understood though. That's uploading an image? Also, how does that help with the error I'm getting?

[Serkan-devel]

Can this issue be opened again? OP can't re-open it

[DoumanAsh]

This is not per se official API for use per se so I'm not sure what you expect

[jasonmayes]

Also interested in the ability to cross post. /Sub. Just migrated from Google+ and a lot of us are looking for a new home.

[plrang]

Same here (g+ refugee), the network seems interesting, so the CLEAN & FREE API would be nice

[Serkan-devel]

@plrang there aren't even API docs since 3 years it has officially launched

[plrang]

@Serkan-devel yeah, I've read something about that issue, thought my post gonna generate some more valuable information about that subject. And it did, so thank you for that

[carlcrott]

Im on this same issue.

Would love to syndicate some content into the website but even something as simple as getting the login page is returning an unsupported browser for python / requests.

Python urllib.request fails ( no login forms present ) for all of the following user-agent strings:

'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36',
'Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36',

'Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)',
'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)',
'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko',
'Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko',
'Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko',
'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)',
'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko',
'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko',
'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)',
'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)'

Edited to remove: "page throws up this notification in the HTML: https://www.minds.com/not-supported"

[medworthy]

@markharding, Why has this thread been closed? It is fairly obvious that this issue have yet to be resolved.

[carlcrott]

@medworthy are you actively working on this too? I've managed to get logins working through the API. LMK if you'd like to compare notes.