Clarification on ApiUserRequired in platform's api.go

Julia · August 4, 2016, 8:55pm

I am working off the native android app in your github to connect to mattermost api here, specifically this one

BaseRoutes.Teams.Handle("/all_team_listings",ApiUserRequired(GetAllTeamListings)).Methods("GET")

and I am confused at where it says ApiUserRequired. Since it is a GET request, it cannot have a body so I am assuming that I have to put a User into the header? The line I am using in android is

@GET("/api/v3/teams/all_team_listings") Promise<Object> getAllTeamListings(@Header("user") User user);

getAllTeamListings creates a user with email, password, etc and passes it in.

As a side note, I am able to use /api/v3/teams/all without a problem. I think it has to do with ApiUserRequired as that seems to be the only difference in between them. I have tried not having a header and having it return Promise<User> but they don’t work.

The problem is that it returns a 401 error with a message that says "Invalid or expired session, please login again." and the detailed error report just lists the token id. When messing around with params and stuff, I also occasionally get Appears to be a CSRF attempt if anyone has any explanation for that, that would be nice.

Basically, I am asking, what is the difference between ApiAppHandler and ApiUserRequired? Or where can I find information on them?

elias · August 11, 2016, 9:31am

Hi @Julia

First of all let me clarify the ApiUserRequired it actually means that the API route requires a valid user session, meaning that the user actually is logged in, that’s all it does.

Now regarding the other issues:

login by using this route /api/v3/users/login as POST and in the body supply a json object like this

{
    "login_id": "account@email.com",
    "password": "the account password"
}

If all goes well you’ll get a response where in the header you’ll find token. use it’s value in subsequent API calls by adding a Header Authorization: Bearer thetokenfromtheresponse or Authorization: token thetokenfromtheresponse it doesn’t matter if its a GET or a POST requests.

With this both of your problems should be resolved.

Let me know if it works for you.

Topic		Replies	Views
Some question about use Get a user API Troubleshooting	0	594	October 27, 2020
Mattermost 3.4 - API - 404 - Unable to post users/ids through the api Troubleshooting	5	2558	January 9, 2017
Is it possible to connect a user on his browser via an API call? Troubleshooting	4	211	June 30, 2023
Retriving teams from API returns empty Troubleshooting	4	977	May 6, 2020
Http://192.168.99.100:8065/api/v3/users/0/0 using postman, when i call this mattermost api i am getting "message": "Invalid or expired session, please login again.", error Troubleshooting	1	1696	January 21, 2017

Clarification on ApiUserRequired in platform's api.go

Related Topics