API: Storing custom fields, or hidden data

API question: is it possible to store custom fields in posts?

I’d like to store some hidden data for use in a client app. I’m trying to think of a way to store the data within the posts and avoid needing an external database.

Any suggestions how I could store data within a post, preferably in json, and access it via the API?

Edit: the data I need to store is a list of 25 numbers, which will change their order each time the post is updated.

Hi @nibl! Great question - it’s something I thought about using Write.as for as well.

When the API returns a post in json, the body comes back as a string . You could then parse that string into a list of numbers that you could then do whatever you want with. If this data is also sensitive, you could use an HTML comment in the post <!--key:value --> and then parse out the comment when you grab the body from the API. That way nobody sees what’s there unless they use the API or inspect the page.

Would you be updating the post in the editor or programmatically?

Also feel free to check out the API docs if you haven’t already. The retrieving a post section is here: https://developers.write.as/docs/api/#retrieve-a-post

Thanks @cjeller1592, I had been reading the API docs to get some clues on how blog post data is stored.

What would happen if I placed JavaScript objects inline, as code inside the page? That would be the easiest way to access the data. Would JavaScript code be stripped if it is stored inside the post? Or perhaps not be stored in the first place?

I’m not clear on what you said about HTML comments. Wouldn’t HTML comments be visible when people view the page on the blog? I could remove them from the editing interface, but the comments would still be visible on the blog. Or is that not the case?

This client is only for updating a post. Updates will need to be programmatic because I want to use a draggable JavaScript widget. Reading is in the normal way on W.a.

No problem @nibl! If the JavaScript to place objects inside the page is written in the Custom JavaScript section, it won’t appear in the body of a post when you access it via the API.

Let me help clarify the HTML comments thing with an example. Here is an anonymous post that uses HTML comments (https://write.as/s2ksz14cdr5eet2f.md) – note the data doesn’t render at all in the page (do a “view source” to confirm). Now we’ll access the metadata via the API. In the body you’ll see the data (in this ex. key value pairs) within the comments.

Hope that clarifies things! Would be happy to help further.

Aha! Then HTML comments could be used for users to authenticate when updating their posts. Users wouldn’t stay logged in. They would enter the username and password used to create the post. Username and password could be different for each post if they wanted.

Does this work exactly the same for all posts, or is this post anonymous, or have other publication settings? Are there any specific settings I need to use when creating posts like your example? @cjeller1592

So once you log in through the API, you get a user authentication token. This token, if fed into the header of an “Update post” API call, will update any post you’ve made when logged in. All you need is the post’s ID, whether in an anonymous post or blog, and you’ll be good to go.

You could definitely this store authentication tokens in posts using HTML comments but I would advise against that. All anyone has to do is grab your post via the API or put a .txt extension on your post’s url and they’ll grab that sensitive data. Take the above post as an example: https://write.as/s2ksz14cdr5eet2f.txt

If you want to update posts, I’d recommend keeping the authentication token in the app itself as a variable and not in your posts. Keep the business logic in the app and only use the API to grab the post’s body (which will only contain the data and no authentication tokens).

Does that make sense @nibl?

Okay, got it. I looked into authentication with Glitch and found a service called Auth0, which has a free plan. That apparently takes the hassle out of passport.js authentication.

I’ll start playing with the API. Haven’t used Glitch or Node before, so it’ll be an adventure.

What languages/frameworks are you comfortable with? Glitch has a pretty extensive list of supported languages. I’d recommend looking into that before feeling like you have to learn Node. I, for instance, use Glitch almost exclusively with Python.

I’m okay with PHP and Javascript. It’s the server-side part I’d need to learn about Node. @cjeller1592 do you know of any Glitch apps for W.a that use JavaScript, or PHP? Looking for something to get me started.

Got it! @bugbuster has made a great search app that uses PHP. I am sure he could talk more about that and answer any questions if needed. Here’s my remix of it:

I’d also recommend reading his commentary about creating the app:


@cjeller1592, this PHP program does not actually access the API. The data is downloaded beforehand using Curl, and stored locally. Two questions:

  • Why is the data searched locally when there is an API? I have seen a Glitch app that does search Write.as live.

  • Are there any examples of PHP accessing the API?

The reason I wrote the PHP program using local JSON data extracted either via the API or the blog export feature was that I didn’t want to burden the server with a lot of live API calls, as I do frequent searches of my blogs. I wanted to just occasionally download the data, use that for the searches, and only update the JSON file periodically. It was primarily a netiquette consideration.

I wrote the program for my own purposes and freely offered it to anyone who wishes to use it, though I provide no support for it.

@cjeller1592 then converted it into a very nice glitch app, which is great since people who don’t want to mess with having their own web server with PHP support can just use the glitch app.


@bugbuster gives the right reasons for using local JSON. It depends on what kind of API calls you want to make. If you’re just retrieving a post or two then that’s fine. But if you’re retrieving all of your posts to do a search, then that’ll be a burden on the server.

While I have super limited knowledge of PHP, I can at least give you a simple example of accessing the API that might be handy for what you want to do. Below, I am using the Write.as API to retrieve a post, specifically its body:

$ch = curl_init();
$url = 'https://write.as/api/posts/9ea0mbe1gq9k3';

$obj= json_decode(file_get_contents($url), true);

echo $obj['data']['body']

1 Like

Thanks @bugbuster for the detailed explanation. I hadn’t thought of the amount or frequency of API requests. I only need to update one specific post at a time so API calls shouldn’t be an issue in this case. And as an aside, I agree, there needs to be more netetiquette.

Thanks @cjeller1592 for the PHP code. That is just what I needed. I had discovered that cURL was used for API requests, but only found complicated methods with additional classes. This gets the adventure started.

I’ve worked out the steps I need to take: Store the relevant data in an HTML comment, get it via the API, populate the JavaScript widgets so others can manipulate the data, format the new data into a W.a post, and update the previous post via the API.

1 Like