nuLOL API and potential breaking changes for third-party devs

[WombatFromHell]

This is a continuation of a discussion going on in the Chrome Shack project, but affects all third-party projects that use ThomW's existing LOL API. Asif (TMWTB) reached out to some of the third-party Shack application developers asking us to participate in a meeting to discuss feedback on their new Shacknews native LOL API that is intended to replace the third-party LOL API in the near future.

According to the Hangouts meeting held today (4/23/19) the API has the following rules, which are potentially subject to change until the revamp goes live. No firm ETA has been given for said nuLOL API shipping only that it is coming soon:

• The endpoints that need params generally ask for a POST with post related data, for example: ids[] which represent specific postIds (not root posts, at the moment, though this is likely to change), and tag which represents the string tag.
• This POST request returns valid JSON objects.
• Currently, there are no authentication keys required though this is subject to change.

I've attached a copy of the rough nuLOL API spec document to this ticket for any third-party devs that wish to get up to speed on the changes coming in the nuLOL API implementation. Details on specific usage of the endpoints is still being worked on and may be covered in a future meeting if another is held.

[wogglenet]

I currently use http://lmnopc.com/greasemonkey/shacklol/api.php?special=getcounts for all lol data in shack browse. I do not see an equivalent. Is the equivalent "get_all_tags_for_posts"? There is no example data and I don't really have a tool to test APIs.

---

For getting taggers on a post, I use ?special=get_taggers&thread_id=" + postId + "&tag=" + type; and run this for each type of tag, so 6 times, when the function is run

It looks like the equivalent is "get_all_raters"? So that one seems ok

---

For search lists I use http://lmnopc.com/greasemonkey/shacklol/api.php?format=json&tag=""&author=""&tagger=""order=date_desc&page=" + pageNumber + "&limit=50&since=" + URLEncoder.encode(queryDate, "UTF8");

I do not see an equivalent function for this kind of query.

---

For all posting of LOLs, I POST to http://www.lmnopc.com/greasemonkey/shacklol/report.php with who(username)/what(postId)/tag(lol/unf/wtf) data

I assume this is "store_tag" but I do not see what the expected POST parameters are for "store_tag"

---

They have an "allowed tags" query -- this cannot be supported by Shack Browse. Shack Browse has hard coded support for lol, inf, unf, tag, wtf, and ugh and this cannot be easily changed. Although I might be able to change ugh into something else.

It's kind of baffling to me that they wouldn't just replicate the ThomW API given that the only clients are us, and the functionality is complete already.

Currently it looks like this API will not be usable for all of the Shack Browse functionality... most notably the tag searching

[electroly]

Definitely would like to know if @ThomW will maintain his existing API endpoints. We can't really fix Lamp and I think backlash from breaking Lamp will outweigh the excitement for official lol support. We can maybe patch the Lamp binary to change the API domain name to a domain name of equal or shorter length, if the endpoints worked identically. If it comes to that, and @ThomW doesn't want to host the API endpoint proxies, I think we should add the endpoints to winchatty so that existing clients can just change the domain name in the URL they're using.

[ThomW]

I can easily keep report.php up and create a passthrough, but my concern is that if they add password to the POST requirements (WHICH THEY TOTALLY SHOULD), it's going to break clients that don't pass password along anyway.

[electroly]

I'm sure they won't add a password to the POST requirements; they'd have no way of providing that from their own frontend. The page doesn't have a copy of the plaintext password to pass along. I imagine they'd base it on login cookies and it would just work when you're logged in, since they'll host it on shacknews.com. That would kill the passthrough even though the API inputs are the same. I hope they don't do that; nobody is asking for that, but everybody wants the clients to continue to work.

[ThomW]

But for their own posts, they'll have a session to grab a userid from. External API requests can and will have different requirements.

[electroly]

If they're not using the same API on their own page as we do, that seems like a formula for unnoticed breakage in the API because they don't use it :(

Am I taking crazy pills or does this all seem exactly like the old pointless dumb Shack API that Gamefly implemented? All the pieces are here: the new API that nobody asked for, the promise that API keys will be required someday, very poor error handling, lack of coverage on existing functionality that clients depend on, and no use of the API by Shacknews itself. Why are they changing this?

[electroly]

I bet a dollar this somehow ends up with a mod board leak. The Shack API did.

[WombatFromHell]

I've uploaded a copy of the updated API document for nuLOL (link is in the OP) in case anyone that can see this ticket didn't get the e-mail.

[wogglenet]

It looks like they use userId for specifying users. This is data we do not have access to.

[patch-e]

I must have missed that there was a known date on when this was happening. That attached doc in the root of the OP still accurate?

[WombatFromHell]

Thanks for the reminder. I just updated the OP with the most recently provided API docs.

[patch-e]

ext_get_counts is the replacement for getcounts?

v3 document states the objective of ext_get_counts is "Tag a post (or untag)", huh?

it also states a no parameter POST or GET to https://codename.shacknews.com/api2/api-index.php?action2=ext_get_counts is a valid request.. I am getting "Invalid call parameters. Error code 0324." when firing a GET to this.

What am I missing here?

[WombatFromHell]

I believe it's supposed to return a set of JSON objects with tag data like:

{{"38637339":{"38639375":{"inf":"1"}},"38637515":{"38639198":{"lol":"1"},"38639226":{"lol":"1"}},"38638110":{"38639219":{"lol":"1"},"38639254":{"inf":"3"},"38639269":{"inf":"1"}},"38638151":{"38639154":{"inf":"1"},"38639319":{"inf":"1"}},"38638331":{"38639214":{"lol":"1"}},"38638501":{"38639153":{"lol":"2"},"38639157":{"lol":"1"},"38639191":{"unf":"2"},"38639204":{"inf":"1"},"38639216":{"inf":"1"},"38639245":{"inf":"2"},"38639336":{"inf":"1"}},"38638518":{"38639257":{"lol":"2"},"38639343":{"inf":"1"},"38639346":{"lol":"7"},"38639352":{"inf":"1"},"38639369":{"lol":"1"}},"38638929":{"38639266":{"lol":"1"}},"38639244":{"38639244":{"lol":"1"}},"38639285":{"38639285":{"lol":"1"}},"38639322":{"38639338":{"lol":"4"}},"38639396":{"38639396":{"inf":"1","unf":"1"}},"31704076":{"31705947":{"lol":8008135,"unf":8008135}}}

Thom brought up via e-mail that currently applications use the tag data without a JSON container and that to prevent breaking those applications they should only return the tag data objects themselves. Goran mentioned that they intend to make updates to that endpoint to facilitate backwards compatibility, so this may be going on over the weekend with the intention of targetting deployment on Monday. This might explain why you're getting an error.

TL;DR: You may need to wait till Monday (June 10th) and see if the server endpoints behave or not.

[patch-e]

So basically everything was cutover to nu[LOL] and not much of the API is in a usable state for current app clients.. which gave me little to no chance of actually making everything work ahead of time if I had actually known the cutover was happening on a given date :)

Looks like I need a logged in user to tag now, which complicates things for LC.app a bit since user credentials aren't ever used except during the action of making a post / SM. This was probably the right thing to do by the API for abuse reasons.. but it gives me a bit of work to do :)

[WombatFromHell]

I'm not absolutely sure that the secret key is needed for tagging at the moment. Last I heard it was being discussed due to the compatibility issues it would cause. That's all I know at this point.

[patch-e]

Any update on these apparent API fixes that were happening earlier this week?

[WombatFromHell]

No, nothing yet.

[WombatFromHell]

I just got an email from Gorlan about the API situation. ext_get_counts should be working on the staging server (https://codename.shacknews.com/api2/api-index.php?action2=ext_get_counts). As for the changes to tag creation for third party apps, you'll need to email Gorlan (goran.trlin@greenlitcontent.com) to get the secret key for accessing ext_create_tag_via_api endpoint. Other than that the most recent API document should be accurate.

[WombatFromHell]

If anyone would like the secret key for testing the tag creation endpoint let me know here and I'll email you.

[wogglenet]

So still no replacement for API.php and tag searching?

[wogglenet]

They have now indicated to me that they do not intend to support those features of my app. This API, it seems, is their final effort.

I am going to look into whether I can find a way to support this separately on my server before I decide whether I'll bother implementing their API at all