The Graph API
API for use by plugins, cross domain transfers of thoughts and other domain items, and to be used by live atomized streams.
This api is safe. Only those values that one can get through their current login are returned. Passwords and other sensitive information are excluded. The integrity of privacy, draft, etc is maintained. SQL injection is prevented.
Note:
completed features are in bold and many clickable examples are provided
Legend
Url syntax: / get | put / …
<id> = thought id
<gid> = group id
<group> = group name or group id
<uid> = author id
<tid> = tag id
profile = an author specified by profile group
fields = a comma separated list of fields – not given means ALL
qualifiers = NVP properties such as distinct=1 and orderby=date and limit=100
Tags
- api
Comments

This API mimics Facebook’s graph API in many respects.


My questions:
how do you do server to server data transfers … what establishes the permissions? what sign-in is used?
how can whole images be transferred?
Any media can be transferred in JSON using a data:uri … although it is frowned upon for video due to the extra cost of the base 64 encoding eating up 1/3 more internet bandwidth than actually needed.

My questions:
how do you do server to server data transfers … what establishes the permissions? what sign-in is used?
how can whole images be transferred?
There will need to be a protocol allowing a person (or td robot) to log in by proxy to the remote thinking.domain. It has to be by proxy through the sever because a browser cannot be logged into two places at once (even thought it seems like it can the way FB and stuff works, but in reality, it can’t … other magic is being done).
I have done this kind of thing before. When I get to needing it I will add it.

It is theoretically possible to maintain such logins as I do for groups inside one domain. But, I don’t think it is wise to make that so sticky. Too much chance of the security chain getting broken or hacked. Once per session would be safer and should be comfortable for users.
Don’t know if you want to do it the nerdy way … but you can now use the graph API to change a group password.
If you have the normal right to change it, or if you have right-edit-scripts, you can change the password of a group using the /put API as documented above.
Very clean and easy way to do it, if you are a nerd.

Obviously non-url characters in the password must be escaped. Spaces must be %20 for instance. But if it is just a letter and number password it can go in straight up. Hey, it’s an API !!!

Quite interesting and time saving possibilities exist only through the API.
For instance, in one simple quad line Seth can move all of his thoughts from one group to another. Like this line which would move all of Seth’s group fbi thoughts over to the tiggerandhobbs group. (not that he should do exactly that of course)
/put/thoughts/relocate/tiggerandhobbs?group=fbi&profile=seth
Similar possibilities exist for moving via a tag name and batch deleting by tag or author as well.
If you decide to do this, make sure you read the API definition and follow it exactly. Take note that the profile name is being used as a convenience for the author id so that you don’t have to look up the id. It is not being used as the group to move from or to even though it is a group. The API has a command to look up the author id if you prefer or need it.
What thoughts to move is not optional. So that particular url should error out because you only told it the group to select, not what thoughts in that group to select, which you could do with user id, user profile, or with a tag name. Trusting my software I clicked on the link and here is what I get.
{"count":0,"relocated":[],"error":"tag name or user designation required","result":false}
Yes, the ability of mainly group members to do pranks on each other with hard coded url’s in the pages is something to consider. FB uses a timed token to prevent that. I just implemented something similar. You now need to add a token=<pin> in put based urls. You can get your current session token with /get/token which is simply a 4 digit pin number assigned to your current session. It changes when you log out and back in, but is easy to remember while you are working. Url’s that change something require the token pin now. Can’t prank each other!
so can anyone with the password for archives and faq click on the above link and instigate that move?
right-edit-scripts
right so it is only available to the prime origin and the developer gods.

I’ll think it out lound here …. don’t anybody click on it till i get it right.
i want to move all the thoughts in faq http://www.fastblogit.com/faq
to the archives http://www.fastblogit.com/archives
so according to the “command” format:
put/ thoughts / relocate / <to-group> ? group=<from-group> & profile=<group> **
i write:
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq ← dont click yet!
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq&token=6034&all=true ← dont click yet!
{"count":8,"relocated":["409","443","446","488","626","1459","1545","2661"]}



“code in the url area” is the way REST APIs are made these days. There is lots of precidence for this on the web. It works well.

I’ll think it out lound here …. don’t anybody click on it till i get it right.
i want to move all the thoughts in faq http://www.fastblogit.com/faq
to the archives http://www.fastblogit.com/archives
so according to the “command” format:
put/ thoughts / relocate / <to-group> ? group=<from-group> & profile=<group> **
i write:
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq ← dont click yet!
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq&token=6034&all=true ← dont click yet!
{"count":8,"relocated":["409","443","446","488","626","1459","1545","2661"]}



Haven’t looked at facebook yet. I wonder if G+ does that.
So I want the power, as wizzard, to say something like

You have the order wrong though. The context is tags, the verb (action) is delete.

But in this case there is no subject, as you surmise, the subject is complex so it comes from the query properties. I only use actual subjects in api quads when the subject is is single thing, like it is in most of the /get/ commands.
/put/domain/tags/delete?tag=%24wish&token=nnnn
%24 is the dollar sign. You can figure such things out very easily in any browser. Simply right click on anything and choose inspect element. Then on the console tab, simply write
escape(‘$wish’)
, or whatever you want to escape, and it will be printed for you. Normally you wont need to when there are no special characters other than space, which everyone knows is %20 
Also realize that it can be much easier to use another browser tab and just put these things in the url bar than to monkey around with url’s in the RTE. I would only put these in a thought if I had a lot of similar work to do and wanted to copy and paste or have a record of what I did. For just a command or two, another browser tab is super easy to use and you will still be logged in the same.
It is time to have an admin account for the wizard. Now that there are becoming significant things that can be done by someone with domain level rights, you should be using a special account when you make domain level changes. It is becoming unsafe for you to be a normal blogger and have that extra power attached to your blogging account … bad things could happen unexpectedly when you do normal everyday things because your account has superpowers that you are not thinking about all the time. Having a special account you use to make sweeping changes will keep that controlled and safe and let you blog normally and see and use the system as others do in your seth account … which is also good or you won’t be aware of how others are seeing and doing things who don’t have superpowers.

It is time to have an admin account for the wizard. Now that there are becoming significant things that can be done by someone with domain level rights, you should be using a special account when you make domain level changes. It is becoming unsafe for you to be a normal blogger and have that extra power attached to your blogging account … bad things could happen unexpectedly when you do normal everyday things because your account has superpowers that you are not thinking about all the time. Having a special account you use to make sweeping changes will keep that controlled and safe and let you blog normally and see and use the system as others do in your seth account … which is also good or you won’t be aware of how others are seeing and doing things who don’t have superpowers.

russell.seth+fbi@gmail.com
Or anything you want after the + sign. That will go to your normal gmail account and be seen as a different email address here. Then you don’t need a bunch of real email address to have to forward or check. That’s the way I always create extra accounts somewhere. A few places don’t allow pluses in email addresses, but most do, and so far, we do.
Some command semantics changed a little for better consistency across all commands.
Just check the list before using something. It is current.

Thought identity can now be transferred. motility
This ability is restricted to the owner of the thought and super heroes. It would not be appropriate for other group members to change the owner of a thought.
Tags by the old owner are transferred to the new owner. Comment identity is preserved. In my opinion, it is sometimes useful or necessary to change the owner of a thought, but changing the author of a comment is pure evil and should never be done.
Being safe with your tokens.
A token is the secret part of your API security. It should not be let into the wild or given to others just like a password. Even though others cannot use it to do their own things, if they know what your secret token is right now they can create traps for you with it. They could put an attractive url in a page and entice you to click on it, while underneath is really a url that deletes your own blog that they engineered with your token.
So keep your tokens safe. If you must hard code them somewhere for your own work, do so only in private thoughts in a private group.
And if you suspect your token is compromised or just want to feel safe, simply log out and back in. That will give you a whole new secret token.


See Also
- Thought about: Postman with 149 viewings related by tag "api".
- Thought GitHub GUI for an API ... with 18 viewings related by tag "api".
- Thought now we have 4 mapping systems with 4 viewings related by tag "api".
- Thought Being safe with your API tokens with 4 viewings related by tag "api".
- Thought Of Interest ? with 2 viewings related by tag "api".
- Thought about: Re: Business Of Linked Data: Opportunities re., Smart Agents (Bots) with 1 viewings related by tag "api".
- Thought Graph API GET Commands with 1 viewings related by tag "api".
- Thought about: Micro Persuasion: Blog Directly from Firefox with 0 viewings related by tag "api".
- Thought about: Google Data APIs Overview with 0 viewings related by tag "api".
- Thought about: ProgrammableWeb: Web 2.0 API Reference with 0 viewings related by tag "api".
- Thought Will the real Web2.0 stand up? with 0 viewings related by tag "api".
- Thought about: Google Maps API with 0 viewings related by tag "api".
- Thought about: Building your commercial Virtual Earth Website using PHP with 0 viewings related by tag "api".
- Thought about: Amazon Web Services with 0 viewings related by tag "api".
- Thought Google Maps API info with 0 viewings related by tag "api".