Comment CastlesThe full URL for all endpoints starts with https://www.commentcastles.org/api/v1. All endpoints return JSON. All POST and PUT requests must have a content type of application/x-www-form-urlencoded.
This call will return a single comment and its subcomments.
/comment?commentid=utePeJTWFGjstaQfbVntPn
Get all of the users that the logged in user follows.
Invoke-RestMethod -Method GET -Uri "https://www.commentcastles.org/api/v1/follow" -Headers @{Authorization='Bearer 5e480d66cbd34364629308c086435bc4b0665a2f'}
This call will return a single post and its comments.
/post?postid=SxqYZnDk26oisgSCS9bTjN
This returns all posts, exactly like the homepage. The data is paginated at 20 posts per page.
/posts?sort=last&viewmode=discover&p=2
This will create a new comment. It can create a comment on a post or another comment. Supply either a post_id or a comment_id, supplying both or neither is an error.
Invoke-RestMethod -Method POST -Uri "https://www.commentcastles.org/api/v1/comment" -Headers @{Authorization='Bearer cb1ef3699927c3f293d4b5a116409ecf4b92707f'} -Body @{post_id='O9qIMDTUUlm512s3hZu0ps';text_content='hello';}
Invoke-RestMethod -Method POST -Uri "https://www.commentcastles.org/api/v1/comment" -Headers @{Authorization='Bearer cb1ef3699927c3f293d4b5a116409ecf4b92707f'} -Body @{comment_id='J2nfJKIeeIIF6ScwxJL2F2';text_content='hi!';}
Follow another user.
Invoke-RestMethod -Method POST -Uri "https://www.commentcastles.org/api/v1/follow" -Headers @{Authorization='Bearer 0f0276970a297e3bcc20d2981e1844df694377ff'} -Body @{user_id='t4TNrHnQuLNn3CBoX7bRkX'}
This will create a new post.
Invoke-RestMethod -Method POST -Uri "https://www.commentcastles.org/api/v1/post" -Headers @{Authorization='Bearer 50595b011188c5b76378066623f6c4f84d9272e9'} -Body @{title='my title 66bb';link='http://somesite.com';text_content='some content';tags='news,bread';}
This endpoint edits a comment.
Invoke-RestMethod -Method PUT -Uri "https://www.commentcastles.org/api/v1/comment" -ContentType "application/x-www-form-urlencoded" -Headers @{Authorization='Bearer f55b564268cd8b14c394b0723f4d20b96ae2066b'} -Body @{comment_id='tnH5OAmOkilFPUsRmyW5d0';text_content='my new content'}
This will edit a post.
Invoke-RestMethod -Method PUT -Uri "https://www.commentcastles.org/api/v1/post" -ContentType "application/x-www-form-urlencoded" -Headers @{Authorization='Bearer d80743e5ece197fa8bc888ffef5f3d7df993ecd7'} -Body @{post_id='cdD7zmyruJDJFieTLtKXls';title='my new title';text_content='some new content.'}
This deletes a comment.
Invoke-RestMethod -Method DELETE -Uri "https://www.commentcastles.org/api/v1/comment?comment_id=D38yoq7I71oSON8jrxnF9a" -Headers @{Authorization='Bearer 4932ee96e45e154bb8a766f52dbc7ee3a34f1f3a'}
Unfollow another user.
Invoke-RestMethod -Method DELETE -Uri "https://www.commentcastles.org/api/v1/follow?user_id=f4NX2quPhZQJuxIVByOBRj" -Headers @{Authorization='Bearer 9b9fda40952b048dc1da193e19c087ac81bfcee6'}
This deletes a post.
Invoke-RestMethod -Method DELETE -Uri "https://www.commentcastles.org/api/v1/post?post_id=3wCYDmiQR2rOZHTpDdrHu" -Headers @{Authorization='Bearer 48780f71186895055d8246ecfc5c95420d049f30'}
You can authenticate users for API calls by using OAuth 2. Here are the instructions for how to use our OAuth 2 setup:
Step 1: Sign up, log in and go to app IDs in the settings. Register your app by specifying a name and a redirect URI. Once you register your app the client ID will show. You will need to use the client ID and redirect URI in later steps.
Step 2: In the app you're building, make the login button display this page in the browser:
https://www.commentcastles.org/oauth/authorize?client_id=xxx&state=yyy&response_type=code&redirect_uri=zzz&code_challenge=aaa&code_challenge_method=bbb
Replace xxx with your client ID, replace yyy with a state value (it can be anything), and fill in zzz with your redirect URI (it must match the redirect URI from step 1). Replace aaa with either a code verifier or the hash of a code verifier. bbb should be "plain" if you only pass a plain code verifier, and bbb should be "S256" if you pass a hashed code verifier.
A code verifier is a random 43 character string made up of a-z, A-Z, 0-9, "_", "-", "." and "~". To hash the code verifier you first take the SHA256 hash and then you base64-URL-encode the value. You know your hash algorithm is correct if "waffle" yields the value "X6tfQ9Cy-XUm59qsseQv_ReOIGfFmgA20NmEo77Cifs".
When a user visits the above URL they have to click a confirm button.
Step 3: When a user clicks the confirm button they will be redirected to your redirect URI with a state variable and a code variable in the URL. The code variable is an authorization code. The app you're building now requests POST /oauth/token. Here is the request in PowerShell:
Invoke-WebRequest -Uri https://www.commentcastles.org/oauth/token -Method POST -Body @{client_id='xxx';grant_type='authorization_code';code='yyy';redirect_uri='zzz';code_verifier='aaa'}
Replace xxx with your client ID, replace yyy with the authorization code that was in the URL, and use your redirect URI for zzz. Replace aaa with the code verifier that you generated in step 2. If successful, the above URL request will return JSON that contains an access token.
Step 4: Now you can pass the access token to API calls and it will be as if a user is logged in. For example, in PowerShell:
Invoke-RestMethod -Method Get -Uri "https://www.commentcastles.org/api/v1/posts" -Headers @{Authorization='Bearer xxx'}
Replace xxx with your access token obtained from step 3.
If an API request results in an error then the http status code will be 400 or 500 something, and the returned JSON will only be an array of error messages. For example, if you try to get a post without a postid in the URL:
https://www.commentcastles.org/api/v1/post
Then you will get a 400 and this JSON back:
{
"errors": ["no postid in URL"]
}