API Documentation

Notice

This is the first public beta release of the CodeProject APIs. The documentation is limited and some of the request/response schemas may (probably) will change as our users tell us what we did wrong and how we should do it. However, you can't all be right, so not everyone will get what they wish for.

Yes, detailed samples are coming. You can look at the JavaScript behind the main page of this site to see how to access the My API can be used to access Profile and other User information..

Overview

CodeProject provides a number of APIs which allow access to various resources from the CodeProject site. The initial release, V1 Beta1, only allow read access to the resources. These APIs can be found at the Resource Server located at https://api.codeproject.com.

The details of each of the APIs can be seen by selecting the appropriate API name in the APIs section on the left.

The CodeProject APIs are secured using an OAuth2 server which issues Access Tokens that must be sent to the Resource Server with each request in the Authorization Header of the HTTPS request. In order to protect the Access Token and data, HTTPS must be used to make requests to the Resource Server. Details ofthe OAuth2 specification can be found here. Further information about OAuth2 such as examples and client libraries can be found here. Further details on obtaining a Access Token can be found by selecting the Using OAUth2 chapter on the left.

There are two types of APIs exposed. The My API gets information about the logged in User. As such, the My API requires the user to grant the client application access to their information using the Authorization Code Grant or Implicit Grant flow from the OAuth2 specification to get the Access Token.

The other APIs, Articles, ForumMessages, and Questions access generally available content from The CodeProject website. While these APIs can be accessed by a logged on user's Access Token as for the My API, they can also be accessed with an Access Toke obtained using the Client Credentials Grant which uses the registered ClientId and Client Secret.

Client Registration

Clients (Applications or Websites) can be registered here. You can register up to 8 clients with their ClientId and Redirection URI. and Client Secret, and can also regenerate the Client Secret if it has been compromised. Note: the Redirection URI must be a valid HTTPS absolute URL ending in '/'.

API Authorization using OAuth2

OAuth is used to secure the APIs of many web applications including Google, LinkedIn, Facebook, Twitter, GitHub, and many others.

The CodeProject APIs are secured using an OAuth2 server which issues Bearer Tokens that must be sent to the Resource Server with each request in the Authorization Header of the HTTPS request. In order to protect the Bearer Token and data, HTTPS must be used to make requests to the Resource Server. Details ofthe OAuth2 specification can be found here. Further information about OAuth2 such as examples and client libraries can be found here.

OAuth2 provides several different 'flows' for obtaining an Access Token to be used when accessing the APIs. For the situation where the resources to be accessed are controlled by a User, the Authorization Code Grant or simpler Implicit Grant flows can be used. Both require that the client can respond to a HTTP Redirect in order to prevent the application from having any visibilty to the User Credentials. Typically, the Authorization Code Grant is used by Server-Side coded web applications, while the Implicit Grant is used by Client-Side applications using JavaScript.

As the My API provides access to User data, one of the Authorization Code Grant or Implicit Grant flows must be used to obtain the Access Token. This API will fail if called using an Access Token obtained using the Client Credentials Grant flow.

The other APIs can use an Access Token obtained using any of the OAuth2 flows, but if the client is not going to access the My API, then the Client Credentials Grant can be used. The advantage to this flow is that is does not require the User to enter any credentials. However, steps should be taken to protect the ClientId and Client Secret and so is probably not a good choice for a Client-Side JavaScript application as the code could be examined using Developer Tools in most browsers.

Articles

The Articles API allows the client access the CodeProject Articles in various ways. This includes Articles, Technical Blogs, and Tips & Tricks. Initially, the only method allows the client to get a page of the latest Articles.

API

Gets a page of the latest Articles, Technical Blogs, and Tips & Tricks, with a rating >= 3.0, ordered by Modified Date descending. The list can be filtered by specifying a list of tags. If specified, the Article must be tagged with at least one of the tags.

ForumMessages

This controller deals with accessing ForumMessages.

API

Gets the latest Messages for a Forum.

Gets the latest Messages for a MessageThread.

My

This API provide access to various resources that belong to the user.

API

Gets a page of the user's Answers.

Gets a page of the user's articles.

Gets a page of the user's Blogs Posts.

Gets a page of the user's Bookmarks.

Gets a page of the user's Messages.

Gets a page of the user's Notifications.

Gets the current user's profile information.

Gets a page of the user's Questions.

Gets a page of the user's Reputation.

Gets a page of the user's Tips.

Questions

This controller deals with accessing Questions.

API

Gets a page of the latest new, active, or unanswered Questions. The mode parameter specifies on which type of Questions to filter the results. Tags to include or exclude questions may also be specified to further limit the results contents.