API for Nabble 2

Is there an API for Nabble 2?

I run a non-profit organization where access to the forum is a benefit to members.  I would like to auto register/subscribe users when they join, and auto unsubscribe them if they do not pay their dues.  

If there is not an API, could this be accomplished using the email subscribe feature?  I have heard about it but can not find any info on how it works.

Thanks

We will allow private forums in a few days. You can set up a private forum, and then add/remove who can view and post. Does that work for you?

No, we don't have that right now. But we will make a installed version of Nabble in a few months and it will allow programmers to do such things.

Will <Nabble> wrote

We will allow private forums in a few days. You can set up a private forum, and then add/remove who can view and post. Does that work for you?

May I inquire if new entries might stay moderated (with email notification to the forum owner) until allowed in by admin or owner?

I have the same requirement as the OP (AndrewWilcox).

The new private forum feature is great. However, anyone that wants to join the private forum has to email the forum owner, who then has to add them to the list of forum members manually.

What I want is to have some sort of mechanism that let me add members to the forum automatically.

That way, when someone joins my organization, they could at the same time be granted access to the organization's private forum on Nabble.

Whether this happens through an API or by some sort of message (e.g. an automatically genereted email) is less important.

Would a specific URL work for you?
Nabble could provide a URL where your system fills in the parameters.
Example:
n2.nabble.com/Page.jtp?forum=<id>&owner=<owner-email>&password=<owner-pwd>&action=<add-or-remove>&user=<user-email>

Note that you would have to provide your email and password to prove that you are the owner of the forum. The action parameter is "add" or "remove" and the user param is the user to be added/removed. That page would return a "Success" or "Failed" message that you can use for any purpose.

Does that work for you?

Thank you Hugo,
that solution sounds excellent!

I have an additional suggestion:

If <user-email> does not exist, it would be great if Nabble created an unregistered account for <user-email>, with the requested forum-access set. In that way, it is possible to grant access to my private forum for users that are not yet registered with Nabble (so that later, when they come along and register, access to my private forum is already granted).

Yes, this is how things would work.
We will work on this solution and I will let you know when it is ready.

Regards,
Hugo Teixeira
Nabble.com

Hi Andrew,

Please let me know if this solution works for you:
http://n2.nabble.com/API-for-Nabble-2-tp792099p1625948.html
Your feedback is very important.

Thanks in advance,
Hugo Teixeira
Nabble.com

I have one more request:

1. Either make the URL encrypted by means of SSL;
2. or provide some other means to encrypt the password.

I would much prefer 1, but the second option could for instance be accomplished by letting the forum owner store a secondary password as part of his profile. The calling program then could xor the password with the secondary password and hex-encode the result, and then Nabble could reverse the process upon receipt of the password.

Also see other message about password security.

Andrew, I think you mean the call with me (Will) :)

This week sounds great. Please let me know when is a good time for you. Email me at will@nabble.com. Look forward to talking to you...

AndrewWilcox wrote

When you log into Nabble, do we use SSL or encryption to protect the password? If not, then is there value in protecting the password in the REST call?

No, there is no SSL encryption anywhere at the present time (I hope they will provide it later).

However, When this scheme becomes available, I'll set up a separate ID to be the owner of a forum. I can live with my own login ID being hijacked by someone sniffing passwords - but I will be much less happy if my entire forum was hijacked. So IMHO, the owner id and password are much more sensitive than an ordinary Nabble user account.

Hi guys, let me add that the password in the URL won't be the same that you use to log in. Actually, it will be a special value that only Nabble knows how to generate. To know which value it is for you, check your "password" cookie value for the n2.nabble.com server. That value will be the password parameter and it is impossible to be guessed by other users.

Regards,
Hugo Teixeira
Nabble.com

Ok.
I hope that you provide SSL at some point, but in the meantime, I can live with that.

Hi guys,

We have implemented this feature and now you can integrate Nabble with your system.
The URL is:
http://n2.nabble.com/rest/PrivateAuthorization.jtp?forum=<id>&owner=<owner-email>&password=<owner-pwd>&action=<add-or-remove>&user=<user-email>

Parameter information:
    forum = ID of the forum;
    owner = Email of the forum owner;
    password = Value found in your "password" cookie;
    action = either "add" or "remove";
    user = Email of the user you want to handle.

We may add SSL in the future, but this is what we can have for now.
Please let me know if you have questions, comments or concerns.

Regards,
Hugo Teixeira
Nabble.com

Thank you, it worked well!

I've only a minor quibble: Removing a non-existing user results in the following: "User was successfully removed from the private forum."

(I can't help it - 20 years in software testing has made it compulsive to test every possible input to see what happens.)

ok, we have improved those messages.
This will be available in the next release, which should happen in the next 48 hours.

Regards,
Hugo Teixeira
Nabble.com