• BBS RESTApi

    From shinobi@10:104/3 to All on Sunday, May 19, 2019 22:14:25
    Hello All,

    I've talked to a friend of mine. And he mentioned it would be nice to have a BBS with an API. Something like You would have Sysop authenticated over web call (e.g. curl https://bbs.local/api/auth?username=sysop&password=xxxyyyzzz) thus obtaining security token. And then possibly use it in a bash script or so.

    Like adding 100 users by calling curl https://bbs.local/api/createuser?username=noob&password=xxxyyyzzz

    Is there any BBS out there that would provide such a functionality? I mean RESTApi access with basic capabilities of administrating system?

    Thanks & best regards

    |08Shinobi <.Phenom.>

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Infolinka BBS (10:104/3)
  • From esc@10:101/2 to shinobi on Monday, May 20, 2019 13:02:45
    I've talked to a friend of mine. And he mentioned it would be nice to have a BBS with an API. Something like You would have Sysop authenticated over web call (e.g. curl https://bbs.local/api/auth?username=sysop&password=xxxyyyzzz) thus obtaining security token. And then possibly use it in a bash script or so.

    Please, please, please never put a password in plaintext like that, even if using https.

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Black Flag <ACiD Telnet HQ> blackflagbbs.com (10:101/2)
  • From NuSkooler@10:101/9 to esc on Monday, May 20, 2019 16:30:40

    On Monday, May 20th esc muttered...
    Please, please, please never put a password in plaintext like that, even if using https.

    Exchanging credentials for an auth token is pretty standard practice, though you should use payload/body (e.g. with JSON) vs URL parameters which can end up in logs, etc.

    For an API that is intended for scripting (i.e. an app) it's better to have a pre-established API key & secret instead of a credential -> token exchange though.

    ...but to the original question, when would someone actually use such an API? I can't really imagine a scenario like the example. I can imagine querying various bits of info & some boards do allow access to message bases via API for example.


    --- ENiGMA 1/2 v0.0.10-alpha (linux; x64; 10.13.0)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (10:101/9)
  • From shinobi@10:104/3 to NuSkooler on Tuesday, May 21, 2019 07:29:00
    Exchanging credentials for an auth token is pretty standard practice, though you should use payload/body (e.g. with JSON) vs URL parameters which can end up in logs, etc.

    O.K. thank You for clearing things up. Would that mean the password is better to be passed encrypted? I mean in the API case ...

    ...but to the original question, when would someone actually use such an API? I can't really imagine a scenario like the example. I can imagine querying various bits of info & some boards do allow access to message bases via API for example.

    Well... that would be the generalized access to bbs functions. And therefore it could be called by anything. In case one would implement Messaging and files download / upload You could write e.g. Mobile client. Or just any client in any environment and be able to query the API for data. I can imagine simple BBS messaging app. Or file upload / download service for the web. I thought one would be able to use it according to his/her needs. Does it make sense?

    Thank You and best regards

    |08Shinobi <.Phenom.>

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: Infolinka BBS (10:104/3)
  • From NuSkooler@10:101/9 to shinobi on Tuesday, May 21, 2019 19:43:34

    On Tuesday, May 21st shinobi muttered...
    O.K. thank You for clearing things up. Would that mean the password is better to be passed encrypted? I mean in the API case ...

    I'm not sure exactly what you mean by "API case". There are basically two scenarios I described:
    1 - A user is actively in control: Exchange credentials for a token & use the token from that point on.
    2 - An app (bot/etc.) is in control: Use an API key/secret, nonce, so on.



    --- ENiGMA 1/2 v0.0.10-alpha (linux; x64; 10.13.0)
    * Origin: Xibalba -+- xibalba.l33t.codes:44510 (10:101/9)
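
The second scenario from the last reply (an app holding an API key/secret and sending a nonce), as an added example that is not part of the thread or of any BBS software. The header names, the demo key and the HMAC-SHA256 construction are assumptions; `/api/createuser` is the path from the first post, with the account fields carried in the request body instead of the URL.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo values: key id -> shared secret provisioned out of band.
API_KEYS = {"sysop-script": b"constructed-demo-secret"}
MAX_SKEW = 300        # seconds a signed request is accepted for
SEEN_NONCES = {}      # (key id, nonce) -> timestamp, for replay detection


def _mac(secret, method, path, ts, nonce, body):
    # Bind the signature to method, path, time, nonce and the exact body bytes.
    msg = "\n".join([method, path, ts, nonce, hashlib.sha256(body).hexdigest()])
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()


def sign_request(key_id, secret, method, path, body, now=None):
    """Client side: the secret signs the request and is never transmitted."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return {"X-Api-Key": key_id, "X-Timestamp": ts, "X-Nonce": nonce,
            "X-Signature": _mac(secret, method, path, ts, nonce, body)}


def verify_request(headers, method, path, body, now=None):
    """Server side: return (accepted, reason)."""
    now = time.time() if now is None else now
    key_id = headers.get("X-Api-Key", "")
    secret = API_KEYS.get(key_id)
    if secret is None:
        return False, "unknown key"
    try:
        ts, nonce = headers["X-Timestamp"], headers["X-Nonce"]
        sig, age = headers["X-Signature"], abs(now - int(ts))
    except (KeyError, ValueError):
        return False, "malformed"
    if age > MAX_SKEW:
        return False, "stale timestamp"
    expected = _mac(secret, method, path, ts, nonce, body)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    # Nonce is recorded only after the MAC verifies, so unsigned traffic
    # cannot fill the cache; entries older than the window are dropped.
    for k in [k for k, t in SEEN_NONCES.items() if now - t > MAX_SKEW]:
        del SEEN_NONCES[k]
    if (key_id, nonce) in SEEN_NONCES:
        return False, "replayed nonce"
    SEEN_NONCES[(key_id, nonce)] = int(ts)
    return True, "ok"
```

Because only the key id, timestamp, nonce and signature travel in headers, nothing secret lands in URL or access logs, and a captured request cannot be resent or altered.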