  • REST API Documentation


    STiX

    Our site provides an extensive REST API that lets third-party applications and websites consume and create data.
    Examples of things you could do include automatically posting new mod releases from your GitHub via integration, authenticating TES3MP users against your Community members, and much more.

    Authorization

    There are two ways to authenticate requests to our REST API: using an API key (all versions), or using OAuth (4.3 and above).

    When using an API key, all data is available and all actions can be performed. For example, if you send an API request to GET /forums/topics, every topic in the community will be in the results; if you send an API request to POST /forums/topics, you can create a topic as any user on the community. It is therefore very important that you always keep the API keys secret, and only grant access to the endpoints you intend to use. We only use these for our internal tools, though most still use OAuth with accounts that have appropriate roles and scopes.

    Unlike with API keys, when accessing the REST API with OAuth, you will be providing an access token which has been granted to a specific user, and only the data that user can see and the actions that user can perform are available. For example, if you send an API request to GET /forums/topics, only topics in forums that the authenticated user can see will be in the results; if you send an API request to POST /forums/topics, the topic will be created as the authenticated user and that cannot be changed.

    Some endpoints are only available when using one method or the other. For example, GET /core/me gets information about the authenticated user and so can only be used when authenticated with OAuth. Meanwhile, POST /forums/forums creates a forum, which is exclusively a site-level operation and so can only be used when authenticated with an API key (though we can also authenticate with Client Credentials, which works similarly to using an API key, giving full access to the API rather than access as a specific user). Some endpoints, while available to both methods, might accept different request parameters or have different response parameters for different methods; these differences will be explained in the documentation.

    Error Handling

    When an error is encountered, you will receive a response like this:

    {
        "errorCode": "3S290\/7",
        "errorMessage": "INVALID_API_KEY"
    }

    The possible error codes/messages for each endpoint are detailed within this documentation reference. In addition to the endpoint-specific errors, the following global errors may also be returned:

    | Code | Message | Description |
    | --- | --- | --- |
    | 1S290/A or 1S290/C | IP_ADDRESS_BANNED | The IP address that is sending the request has been banned from the community. This may happen automatically if the IP address has repeatedly sent many requests with invalid API keys. |
    | 1S290/D | TOO_MANY_REQUESTS_WITH_BAD_KEY | The IP address that is sending the request has sent multiple requests with an invalid API key and so is prevented from sending any more requests for several minutes. |
    | 2S290/6 | NO_API_KEY | No API key or OAuth access token was sent in the request. |
    | 2S290/8 | IP_ADDRESS_NOT_ALLOWED | The API key was valid, but is configured to only be valid for requests coming from certain IP addresses, and the IP address the request was sent from is not in the allowed list. |
    | 2S290/B | CANNOT_USE_KEY_AS_URL_PARAM | The API key was valid, but it is not configured to be used as URL authentication and must be used in AUTHORIZATION headers. |
    | 3S290/7 | INVALID_API_KEY | The API key sent in the request is not valid. |
    | 2S290/9 | INVALID_LANGUAGE | An X-IPS-Language header was sent in the request (which can be used to specify a language ID for the response), but its value was not valid. |
    | 3S290/3 | INVALID_APP | The endpoint the request was sent to does not exist (the first level contains an invalid character; only alphanumerics are acceptable). |
    | 3S290/4 | INVALID_CONTROLLER | The endpoint the request was sent to does not exist (the second level contains an invalid character; only alphanumerics are acceptable). |
    | 2S290/1 | INVALID_APP | The endpoint the request was sent to does not exist (the first level does not exist). |
    | 1S290/2 | APP_DISABLED | The application which controls the endpoint the request was sent to is currently disabled. |
    | 2S290/5 | INVALID_CONTROLLER | The endpoint the request was sent to does not exist (the second level does not exist). |
    | 2S291/1 | NO_ENDPOINT | The endpoint the request was sent to does not exist (the URL contains too many levels). |
    | 2S291/3 | NO_PERMISSION | The API key does not have permission to access the requested endpoint. |
    | 3S291/2 | BAD_METHOD | The endpoint the request was sent to does not exist; the HTTP request method may be incorrect (for example, sending a GET rather than a POST). |
    | 3S290/9 | INVALID_ACCESS_TOKEN | The OAuth access token sent in the request is not valid. |
    | 1S290/E | EXPIRED_ACCESS_TOKEN | The OAuth access token sent in the request was valid but has expired. |
    | 3S290/B | NO_SCOPES | The OAuth access token has not been authorised to access any scopes. |
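
    Because repeated requests with a bad key lead first to a temporary block and then to an IP ban, a client should stop re-sending a rejected credential. The following is an added example, not code from this site or its API: it parses the error response shown above and decides how to react. The action names, the CredentialGuard class and the 300-second cooldown are assumptions of the example.

```python
import json
from dataclasses import dataclass

# Reaction per global errorMessage from the table above. The action names and
# the grouping are this example's own policy, not something the API defines.
HALT = {"INVALID_API_KEY", "INVALID_ACCESS_TOKEN", "NO_API_KEY", "IP_ADDRESS_BANNED"}
BACK_OFF = {"TOO_MANY_REQUESTS_WITH_BAD_KEY"}
REFRESH = {"EXPIRED_ACCESS_TOKEN"}
FIX_CREDENTIAL = {"IP_ADDRESS_NOT_ALLOWED", "CANNOT_USE_KEY_AS_URL_PARAM",
                  "NO_PERMISSION", "NO_SCOPES"}
COOLDOWN_SECONDS = 300  # assumption: the page only says "several minutes"


@dataclass(frozen=True)
class ApiError:
    code: str      # e.g. "3S290/7" (the JSON escape "\/" decodes to "/")
    message: str   # e.g. "INVALID_API_KEY"
    action: str


def parse_error(body: str):
    """Return an ApiError if body is the documented error envelope, else None."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict) or not doc.keys() >= {"errorCode", "errorMessage"}:
        return None
    msg = str(doc["errorMessage"])
    # Anything not listed, including endpoint-specific errors, is "fix_request".
    action = ("halt" if msg in HALT else "back_off" if msg in BACK_OFF else
              "refresh_token" if msg in REFRESH else
              "fix_credential" if msg in FIX_CREDENTIAL else "fix_request")
    return ApiError(str(doc["errorCode"]), msg, action)


class CredentialGuard:
    """Stops a client from re-sending a rejected credential until it is safe."""

    def __init__(self):
        self.halted = False
        self.not_before = 0.0

    def record(self, err: ApiError, now: float) -> None:
        if err.action == "halt":
            self.halted = True          # needs an operator; retries risk an IP ban
        elif err.action == "back_off":
            self.not_before = now + COOLDOWN_SECONDS

    def may_send(self, now: float) -> bool:
        return not self.halted and now >= self.not_before


# Constructed sample: the error response shown on this page.
SAMPLE = '{"errorCode": "3S290\\/7", "errorMessage": "INVALID_API_KEY"}'
```

    Call may_send() before every request and record() after every error response; a halted guard stays closed until the key or token has been replaced.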

     

    GET / POST documentation for all application scopes will be posted in due course.


