API

API Endpoints

The full URL for all endpoints starts with https://www.commentcastles.org/api/v1. All endpoints return JSON. All POST and PUT requests must have a content type of application/x-www-form-urlencoded.

GET /comment

This call will return a single comment and its subcomments.

Query Params

Headers

Examples

/comment?commentid=utePeJTWFGjstaQfbVntPn

GET /post

This call will return a single post and its comments.

Query Params

Headers

Examples

/post?postid=SxqYZnDk26oisgSCS9bTjN

GET /posts

This returns all posts, exactly like the homepage. The data is paginated at 20 posts per page.

Query Params

Headers

Examples

/posts

/posts?p=2

/posts?sort=comments

POST /comment

This will create a new comment. It can create a comment on a post or another comment. Supply either a post_id or a comment_id; supplying both or neither is an error.

Body Params

Headers

Examples

Invoke-RestMethod -Method POST -Uri "https://www.commentcastles.org/api/v1/comment" -Headers @{Authorization='Bearer cb1ef3699927c3f293d4b5a116409ecf4b92707f'} -Body @{post_id='O9qIMDTUUlm512s3hZu0ps';text_content='hello';}

Invoke-RestMethod -Method POST -Uri "https://www.commentcastles.org/api/v1/comment" -Headers @{Authorization='Bearer cb1ef3699927c3f293d4b5a116409ecf4b92707f'} -Body @{comment_id='J2nfJKIeeIIF6ScwxJL2F2';text_content='hi!';}

POST /post

This will create a new post.

Body Params

Headers

Examples

Invoke-RestMethod -Method POST -Uri "https://www.commentcastles.org/api/v1/post" -Headers @{Authorization='Bearer 50595b011188c5b76378066623f6c4f84d9272e9'} -Body @{title='my title 66bb';link='http://somesite.com';text_content='some content';sub='science';}

PUT /comment

This endpoint edits a comment.

Body Params

Headers

Examples

Invoke-RestMethod -Method PUT -Uri "https://www.commentcastles.org/api/v1/comment" -ContentType "application/x-www-form-urlencoded" -Headers @{Authorization='Bearer f55b564268cd8b14c394b0723f4d20b96ae2066b'} -Body @{comment_id='tnH5OAmOkilFPUsRmyW5d0';text_content='my new content'}

PUT /post

This will edit a post.

Body Params

Headers

Examples

Invoke-RestMethod -Method PUT -Uri "https://www.commentcastles.org/api/v1/post" -ContentType "application/x-www-form-urlencoded" -Headers @{Authorization='Bearer d80743e5ece197fa8bc888ffef5f3d7df993ecd7'} -Body @{post_id='cdD7zmyruJDJFieTLtKXls';title='my new title';text_content='some new content.'}

DELETE /comment

This deletes a comment.

Query Params

Headers

Examples

Invoke-RestMethod -Method DELETE -Uri "https://www.commentcastles.org/api/v1/comment?comment_id=D38yoq7I71oSON8jrxnF9a" -Headers @{Authorization='Bearer 4932ee96e45e154bb8a766f52dbc7ee3a34f1f3a'}

DELETE /post

This deletes a post.

Query Params

Headers

Examples

Invoke-RestMethod -Method DELETE -Uri "https://www.commentcastles.org/api/v1/post?post_id=3wCYDmiQR2rOZHTpDdrHu" -Headers @{Authorization='Bearer 48780f71186895055d8246ecfc5c95420d049f30'}

API User Authentication

You can authenticate users for API calls by using OAuth 2. Here are the instructions for how to use our OAuth 2 setup:

Step 1: Sign up, log in and go to app IDs in the settings. Register your app by specifying a name and a redirect URI. Once you register your app the client ID will show. You will need to use the client ID and redirect URI in later steps.

Step 2: In the app you're building, make the login button display this page in the browser:

https://www.commentcastles.org/oauth/authorize?client_id=xxx&state=yyy&response_type=code&redirect_uri=zzz&code_challenge=aaa&code_challenge_method=bbb

Replace xxx with your client ID, replace yyy with a state value (it can be anything), and fill in zzz with your redirect URI (it must match the redirect URI from step 1). Replace aaa with either a code verifier or the hash of a code verifier. bbb should be "plain" if you only pass a plain code verifier, and bbb should be "S256" if you pass a hashed code verifier.

A code verifier is a random 43-character string made up of a-z, A-Z, 0-9, "_", "-", "." and "~". To hash the code verifier, you first take the SHA256 hash and then you base64-URL-encode the value. You know your hash algorithm is correct if "waffle" yields the value "X6tfQ9Cy-XUm59qsseQv_ReOIGfFmgA20NmEo77Cifs".

When a user visits the above URL they have to click a confirm button.

Step 3: When a user clicks the confirm button they will be redirected to your redirect URI with a state variable and a code variable in the URL. The code variable is an authorization code. The app you're building now requests POST /oauth/token. Here is the request in PowerShell:

Invoke-WebRequest -Uri https://www.commentcastles.org/oauth/token -Method POST -Body @{client_id='xxx';grant_type='authorization_code';code='yyy';redirect_uri='zzz';code_verifier='aaa'}

Replace xxx with your client ID, replace yyy with the authorization code that was in the URL, and use your redirect URI for zzz. Replace aaa with the code verifier that you generated in step 2. If successful, the above request will return JSON that contains an access token.

Step 4: Now you can pass the access token to API calls and it will be as if a user is logged in. For example, in PowerShell:

Invoke-RestMethod -Method Get -Uri "https://www.commentcastles.org/api/v1/posts" -Headers @{Authorization='Bearer xxx'}

Replace xxx with your access token obtained from step 3.

API Errors

If an API request results in an error, the HTTP status code will be in the 400 or 500 range, and the returned JSON will contain only an array of error messages. For example, if you try to get a post without a postid in the URL:

https://www.commentcastles.org/api/v1/post

Then you will get a 400 and this JSON back:

{
    "errors": ["no postid in URL"]
}