The Graph API
API for use by plugins, cross domain transfers of thoughts and other domain items, and to be used by live atomized streams.
This api is safe. Only those values that one can get through their current login are returned. Passwords and other sensitive information are excluded. The integrity of privacy, draft, etc is maintained. SQL injection is prevented.
Note: completed features are in bold and many clickable examples are provided
Legend
Url syntax: / get | put / …
<id> = thought id
<gid> = group id
<group> = group name or group id
<uid> = author id
<tid> = tag id
profile = an author specified by profile group
fields = a comma separated list of fields – not given means ALL
qualifiers = NVP properties such as distinct=1 and orderby=date and limit=100
Tags
- api
Comments
Seth says
kudos indeed 
My project for last night. The complete ones with examples are as far as I got. 
This API mimics Facebook’s graph API in many respects.
This API mimics Facebook’s graph API in many respects.
Holmes says
Answered question two elsewhere as well. The answer is extremely simple and straight forward. data:uri.
Any media can be transferred in JSON using a data:uri … although it is frowned upon for video due to the extra cost of the base 64 encoding eating up 1/3 more internet bandwidth than actually needed.
Just to be clear, a client browser cannot grab any data that was not permitted already according to the client’s sign in. For example i just logged out and tried to get the data in this thought, and recieved the following result: {"rows":0,"thought":null}
My questions:
how do you do server to server data transfers … what establishes the permissions? what sign-in is used?
how can whole images be transferred?
My questions:
how do you do server to server data transfers … what establishes the permissions? what sign-in is used?
how can whole images be transferred?
i think i can answer my first question: These data transfers must always be instigated by a client browser.
Any media can be transferred in JSON using a data:uri … although it is frowned upon for video due to the extra cost of the base 64 encoding eating up 1/3 more internet bandwidth than actually needed.
Seth says
?
Just to be clear, a client browser cannot grab any data that was not permitted already according to the client’s sign in. For example i just logged out and tried to get the data in this thought, and recieved the following result: {"rows":0,"thought":null}
My questions:
how do you do server to server data transfers … what establishes the permissions? what sign-in is used?
how can whole images be transferred?
My questions:
how do you do server to server data transfers … what establishes the permissions? what sign-in is used?
how can whole images be transferred?
Images can be transferred easily as data:uri’s.
There will need to be a protocol allowing a person (or td robot) to log in by proxy to the remote thinking.domain. It has to be by proxy through the sever because a browser cannot be logged into two places at once (even thought it seems like it can the way FB and stuff works, but in reality, it can’t … other magic is being done).
I have done this kind of thing before. When I get to needing it I will add it.
There will need to be a protocol allowing a person (or td robot) to log in by proxy to the remote thinking.domain. It has to be by proxy through the sever because a browser cannot be logged into two places at once (even thought it seems like it can the way FB and stuff works, but in reality, it can’t … other magic is being done).
I have done this kind of thing before. When I get to needing it I will add it.
one application for server-server might be where person A in one domain might subscribe to a person B in another, such that the first person A gets all of the thoughts of person B posted automatically in their group. Wold that require a client logged in to cause the transfer to take place?
Yes it should. Person a should be fully logged in and then they can get anything fully public by person B. If they want non public stuff by person B, then they would have to additionally log in by proxy to B’s domain and then they would be as if they were A in B’s domain.
It is theoretically possible to maintain such logins as I do for groups inside one domain. But, I don’t think it is wise to make that so sticky. Too much chance of the security chain getting broken or hacked. Once per session would be safer and should be comfortable for users.
It is theoretically possible to maintain such logins as I do for groups inside one domain. But, I don’t think it is wise to make that so sticky. Too much chance of the security chain getting broken or hacked. Once per session would be safer and should be comfortable for users.
Si says
Don’t know if you want to do it the nerdy way … but you can now use the graph API to change a group password.
If you have the normal right to change it, or if you have right-edit-scripts, you can change the password of a group using the /put API as documented above.
Very clean and easy way to do it, if you are a nerd.
Obviously non-url characters in the password must be escaped. Spaces must be %20 for instance. But if it is just a letter and number password it can go in straight up. Hey, it’s an API !!!
Don’t know if you want to do it the nerdy way … but you can now use the graph API to change a group password.
If you have the normal right to change it, or if you have right-edit-scripts, you can change the password of a group using the /put API as documented above.
Very clean and easy way to do it, if you are a nerd.
Obviously non-url characters in the password must be escaped. Spaces must be %20 for instance. But if it is just a letter and number password it can go in straight up. Hey, it’s an API !!!
Si says
Quite interesting and time saving possibilities exist only through the API.
For instance, in one simple quad line Seth can move all of his thoughts from one group to another. Like this line which would move all of Seth’s group fbi thoughts over to the tiggerandhobbs group. (not that he should do exactly that of course)
/put/thoughts/relocate/tiggerandhobbs?group=fbi&profile=seth
Similar possibilities exist for moving via a tag name and batch deleting by tag or author as well.
If you decide to do this, make sure you read the API definition and follow it exactly. Take note that the profile name is being used as a convenience for the author id so that you don’t have to look up the id. It is not being used as the group to move from or to even though it is a group. The API has a command to look up the author id if you prefer or need it.
Quite interesting and time saving possibilities exist only through the API.
For instance, in one simple quad line Seth can move all of his thoughts from one group to another. Like this line which would move all of Seth’s group fbi thoughts over to the tiggerandhobbs group. (not that he should do exactly that of course)
/put/thoughts/relocate/tiggerandhobbs?group=fbi&profile=seth
Similar possibilities exist for moving via a tag name and batch deleting by tag or author as well.
If you decide to do this, make sure you read the API definition and follow it exactly. Take note that the profile name is being used as a convenience for the author id so that you don’t have to look up the id. It is not being used as the group to move from or to even though it is a group. The API has a command to look up the author id if you prefer or need it.
Si says
What thoughts to move is not optional. So that particular url should error out because you only told it the group to select, not what thoughts in that group to select, which you could do with user id, user profile, or with a tag name. Trusting my software I clicked on the link and here is what I get.
What thoughts to move is not optional. So that particular url should error out because you only told it the group to select, not what thoughts in that group to select, which you could do with user id, user profile, or with a tag name. Trusting my software I clicked on the link and here is what I get.
{"count":0,"relocated":[],"error":"tag name or user designation required","result":false}
Yes, the ability of mainly group members to do pranks on each other with hard coded url’s in the pages is something to consider. FB uses a timed token to prevent that. I just implemented something similar. You now need to add a token=<pin> in put based urls. You can get your current session token with /get/token which is simply a 4 digit pin number assigned to your current session. It changes when you log out and back in, but is easy to remember while you are working. Url’s that change something require the token pin now. Can’t prank each other!
Si says
Just added the option of &all=true so that you can move all thoughts for ease in managing your site. This requires your
is the “&profile=seth” optional? Would it only move my thoughts?
so can anyone with the password for archives and faq click on the above link and instigate that move?
so can anyone with the password for archives and faq click on the above link and instigate that move?
right-edit-scripts right so it is only available to the prime origin and the developer gods.
Seth says
“code in the url area” is the way REST APIs are made these days. There is lots of precidence for this on the web. It works well.
hmmm … sounds powerful indeed … let me see if i understand how to use it.
I’ll think it out lound here …. don’t anybody click on it till i get it right.
i want to move all the thoughts in faq http://www.fastblogit.com/faq
to the archives http://www.fastblogit.com/archives
so according to the “command” format:
put/ thoughts / relocate / <to-group> ? group=<from-group> & profile=<group> **
… let me see if i understand how to use it.I’ll think it out lound here …. don’t anybody click on it till i get it right.
i want to move all the thoughts in faq http://www.fastblogit.com/faq
to the archives http://www.fastblogit.com/archives
so according to the “command” format:
put/ thoughts / relocate / <to-group> ? group=<from-group> & profile=<group> **
i write:
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq ← dont click yet!
ok using th e token and scope, trying again …
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq&token=6034&all=true ← dont click yet!
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq&token=6034&all=true ← dont click yet!
response on click was
{"count":8,"relocated":["409","443","446","488","626","1459","1545","2661"]}?
presumably this kind of command is guarded by some kind of rights ..
Presumably you have not been reading the whole dialog, or read the thought, or you woudn’t have to ask. 
You can not do anything using the API than you could not do already given the permissions already granted to you. But if th e command is a “put” … something that changes the database … then you can only make a hyperlink that will work on your own browser session.
Apparently while I was writing this so were you people doing your instant spec … normally I don’t watch much code-jockey cross talk … code in the url area has already discussed by me
“code in the url area” is the way REST APIs are made these days. There is lots of precidence for this on the web. It works well.
Seth says
i think most serious software packags have APIs … they allow developers outside of the enterprise to enhance its usefulness.
hmmm … sounds powerful indeed … let me see if i understand how to use it.
I’ll think it out lound here …. don’t anybody click on it till i get it right.
i want to move all the thoughts in faq http://www.fastblogit.com/faq
to the archives http://www.fastblogit.com/archives
so according to the “command” format:
put/ thoughts / relocate / <to-group> ? group=<from-group> & profile=<group> **
… let me see if i understand how to use it.I’ll think it out lound here …. don’t anybody click on it till i get it right.
i want to move all the thoughts in faq http://www.fastblogit.com/faq
to the archives http://www.fastblogit.com/archives
so according to the “command” format:
put/ thoughts / relocate / <to-group> ? group=<from-group> & profile=<group> **
i write:
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq ← dont click yet!
ok using th e token and scope, trying again …
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq&token=6034&all=true ← dont click yet!
http://www.fastblogit.com/put/thoughts/relocate/archives?group=faq&token=6034&all=true ← dont click yet!
response on click was
{"count":8,"relocated":["409","443","446","488","626","1459","1545","2661"]}?
presumably this kind of command is guarded by some kind of rights ..
Presumably you have not been reading the whole dialog, or read the thought, or you woudn’t have to ask.
You can not do anything using the API than you could not do already given the permissions already granted to you. But if th e command is a “put” … something that changes the database … then you can only make a hyperlink that will work on your own browser session.
Apparently while I was writing this so were you people doing your instant spec … normally I don’t watch much code-jockey cross talk … code in the url area has already discussed by me
So as to code in the url area as discussed by you. Then I suppose you frown upon all the url based API’s out there, including all of Yahoo’s, and Facebook’s entire graph API?
Depends how well you test it against malicious intent. A person with a password can do a lot of damage. I actually mentioned that I would like this feature for some triage I was doing yesterday. kudos
Haven’t looked at facebook yet. I wonder if G+ does that.
Haven’t looked at facebook yet. I wonder if G+ does that.
Mark de LA says
most of them are really old – a wizzard feeding mechanism – ~111 just searched . Maybe the body of them is also
Making our tag cloud reflect what is happen here to someone just wandering bye will help us show our best sides to the world. In that regard, as wizzard of this domain, i want the power to globally curate some of our tags. For example, $wish. We haven’t used that tag here for years, yet see how prominant it is reflected in our cloud. If people click on that as a way to come in, then they will get a totally false impression of the reality of our domain.
So I want the power, as wizzard, to say something like
So I want the power, as wizzard, to say something like
/put/delete/tags/?tag=<tag>& [profile=<group> | all=true ]
Seth says
$wish . Yes this used to be a way for Mark (and even myself) to ask for a feature. Since i was the developer then, i can see how it was “feeding” me. We probably still need such a tag going … is is not currently nfeatures ?
$wish . Yes this used to be a way for Mark (and even myself) to ask for a feature. Since i was the developer then, i can see how it was “feeding” me. We probably still need such a tag going … is is not currently nfeatures ?
Holmes says
Okay. This is done. See doc for full spec. The one you want is
%24 is the dollar sign. You can figure such things out very easily in any browser. Simply right click on anything and choose inspect element. Then on the console tab, simply write
Also realize that it can be much easier to use another browser tab and just put these things in the url bar than to monkey around with url’s in the RTE. I would only put these in a thought if I had a lot of similar work to do and wanted to copy and paste or have a record of what I did. For just a command or two, another browser tab is super easy to use and you will still be logged in the same.
Okay, that’s easy now. Just a few lines of code.
You have the order wrong though. The context is tags, the verb (action) is delete.
But in this case there is no subject, as you surmise, the subject is complex so it comes from the query properties. I only use actual subjects in api quads when the subject is is single thing, like it is in most of the /get/ commands.
You have the order wrong though. The context is tags, the verb (action) is delete.
But in this case there is no subject, as you surmise, the subject is complex so it comes from the query properties. I only use actual subjects in api quads when the subject is is single thing, like it is in most of the /get/ commands.
? kewl … i am just learning the quad nature of thes commands.
/put/domain/tags/delete?tag=%24wish&token=nnnn
%24 is the dollar sign. You can figure such things out very easily in any browser. Simply right click on anything and choose inspect element. Then on the console tab, simply write
escape(‘$wish’), or whatever you want to escape, and it will be printed for you. Normally you wont need to when there are no special characters other than space, which everyone knows is %20 Also realize that it can be much easier to use another browser tab and just put these things in the url bar than to monkey around with url’s in the RTE. I would only put these in a thought if I had a lot of similar work to do and wanted to copy and paste or have a record of what I did. For just a command or two, another browser tab is super easy to use and you will still be logged in the same.
Seth says
or maybe not, that old address was deactivated because it had collected too much spam years ago … might still have too much going there. i’ll pick something else but it will be @robustai.net . it doesn’t need to be verified for current usage, does it?
Seth,
It is time to have an admin account for the wizard. Now that there are becoming significant things that can be done by someone with domain level rights, you should be using a special account when you make domain level changes. It is becoming unsafe for you to be a normal blogger and have that extra power attached to your blogging account … bad things could happen unexpectedly when you do normal everyday things because your account has superpowers that you are not thinking about all the time. Having a special account you use to make sweeping changes will keep that controlled and safe and let you blog normally and see and use the system as others do in your seth account … which is also good or you won’t be aware of how others are seeing and doing things who don’t have superpowers.
It is time to have an admin account for the wizard. Now that there are becoming significant things that can be done by someone with domain level rights, you should be using a special account when you make domain level changes. It is becoming unsafe for you to be a normal blogger and have that extra power attached to your blogging account … bad things could happen unexpectedly when you do normal everyday things because your account has superpowers that you are not thinking about all the time. Having a special account you use to make sweeping changes will keep that controlled and safe and let you blog normally and see and use the system as others do in your seth account … which is also good or you won’t be aware of how others are seeing and doing things who don’t have superpowers.
so it will require a separate email … and i guess i can name it anything i wish. Would it not have been the name that i installed the domain?
i’m thinking i would like my email there to be seth@robustai.net … an email address that actually is not even being served at the moment … but one that i could serve or redirect to my normal address … er just as soon as i make that email server function properly. any objections?
Holmes says
?
Seth,
It is time to have an admin account for the wizard. Now that there are becoming significant things that can be done by someone with domain level rights, you should be using a special account when you make domain level changes. It is becoming unsafe for you to be a normal blogger and have that extra power attached to your blogging account … bad things could happen unexpectedly when you do normal everyday things because your account has superpowers that you are not thinking about all the time. Having a special account you use to make sweeping changes will keep that controlled and safe and let you blog normally and see and use the system as others do in your seth account … which is also good or you won’t be aware of how others are seeing and doing things who don’t have superpowers.
It is time to have an admin account for the wizard. Now that there are becoming significant things that can be done by someone with domain level rights, you should be using a special account when you make domain level changes. It is becoming unsafe for you to be a normal blogger and have that extra power attached to your blogging account … bad things could happen unexpectedly when you do normal everyday things because your account has superpowers that you are not thinking about all the time. Having a special account you use to make sweeping changes will keep that controlled and safe and let you blog normally and see and use the system as others do in your seth account … which is also good or you won’t be aware of how others are seeing and doing things who don’t have superpowers.
so it will require a separate email … and i guess i can name it anything i wish. Would it not have been the name that i installed the domain?
i’m thinking i would like my email there to be seth@robustai.net … an email address that actually is not even being served at the moment … but one that i could serve or redirect to my normal address … er just as soon as i make that email server function properly. any objections?
You have gmail, why not just use an automatic gmail extension? You could use.
russell.seth+fbi@gmail.com
Or anything you want after the + sign. That will go to your normal gmail account and be seen as a different email address here. Then you don’t need a bunch of real email address to have to forward or check. That’s the way I always create extra accounts somewhere. A few places don’t allow pluses in email addresses, but most do, and so far, we do.
russell.seth+fbi@gmail.com
Or anything you want after the + sign. That will go to your normal gmail account and be seen as a different email address here. Then you don’t need a bunch of real email address to have to forward or check. That’s the way I always create extra accounts somewhere. A few places don’t allow pluses in email addresses, but most do, and so far, we do.
tha’s ok … i’ll pick something … then just sign on. i am presuming that you will attach whatever goodies to it when you see it come in … right?
Si says
Some command semantics changed a little for better consistency across all commands.
Just check the list before using something. It is current.
Some command semantics changed a little for better consistency across all commands.
Just check the list before using something. It is current.
Si says
Thought identity can now be transferred. motility
This ability is restricted to the owner of the thought and super heroes. It would not be appropriate for other group members to change the owner of a thought.
Tags by the old owner are transferred to the new owner. Comment identity is preserved. In my opinion, it is sometimes useful or necessary to change the owner of a thought, but changing the author of a comment is pure evil and should never be done.
Thought identity can now be transferred. motility
This ability is restricted to the owner of the thought and super heroes. It would not be appropriate for other group members to change the owner of a thought.
Tags by the old owner are transferred to the new owner. Comment identity is preserved. In my opinion, it is sometimes useful or necessary to change the owner of a thought, but changing the author of a comment is pure evil and should never be done.
Seth says
A token is the secret part of your API security. It should not be let into the wild or given to others just like a password. Even though others cannot use it to do their own things, if they know what your secret token is right now they can create traps for you with it. They could put an attractive url in a page and entice you to click on it, while underneath is really a url that deletes your own blog that they engineered with your token.
So keep your tokens safe. If you must hard code them somewhere for your own work, do so only in private thoughts in a private group.
And if you suspect your token is compromised or just want to feel safe, simply log out and back in. That will give you a whole new secret token.wow that is a first … he made his breakfast his advatar 
Being safe with your tokens.
A token is the secret part of your API security. It should not be let into the wild or given to others just like a password. Even though others cannot use it to do their own things, if they know what your secret token is right now they can create traps for you with it. They could put an attractive url in a page and entice you to click on it, while underneath is really a url that deletes your own blog that they engineered with your token.
So keep your tokens safe. If you must hard code them somewhere for your own work, do so only in private thoughts in a private group.
And if you suspect your token is compromised or just want to feel safe, simply log out and back in. That will give you a whole new secret token.
2016-02-29 10:41:31 [item 20179#47241]
?
See Also
- Thought about: Postman with 149 viewings related by tag "api".
- Thought GitHub GUI for an API ... with 18 viewings related by tag "api".
- Thought now we have 4 mapping systems with 1 viewings related by tag "api".
- Thought about: Re: Business Of Linked Data: Opportunities re., Smart Agents (Bots) with 1 viewings related by tag "api".
- Thought Graph API GET Commands with 1 viewings related by tag "api".
- Thought about: Micro Persuasion: Blog Directly from Firefox with 0 viewings related by tag "api".
- Thought about: Google Data APIs Overview with 0 viewings related by tag "api".
- Thought about: ProgrammableWeb: Web 2.0 API Reference with 0 viewings related by tag "api".
- Thought Will the real Web2.0 stand up? with 0 viewings related by tag "api".
- Thought Of Interest ? with 0 viewings related by tag "api".
- Thought about: Google Maps API with 0 viewings related by tag "api".
- Thought about: Building your commercial Virtual Earth Website using PHP with 0 viewings related by tag "api".
- Thought about: Amazon Web Services with 0 viewings related by tag "api".
- Thought Google Maps API info with 0 viewings related by tag "api".
- Thought Being safe with your API tokens with 0 viewings related by tag "api".