API question: is it possible to store custom fields in posts?
I’d like to store some hidden data for use in a client app.￼ I’m trying to think of a way to store the data within the posts and avoid needing an external database.
Any suggestions how I could store data within a post, preferably in json, and access it via the API?
Edit: the data I need to store is a list of 25 numbers, which will change their order each time the post is updated.
Hi @nibl! Great question - it’s something I thought about using Write.as for as well.
When the API returns a post in json, the body comes back as a string . You could then parse that string into a list of numbers that you could then do whatever you want with. If this data is also sensitive, you could use an HTML comment in the post
<!--key:value --> and then parse out the comment when you grab the body from the API. That way nobody sees what’s there unless they use the API or inspect the page.
Would you be updating the post in the editor or programmatically?
Also feel free to check out the API docs if you haven’t already. The retrieving a post section is here: https://developers.write.as/docs/api/#retrieve-a-post
Thanks @cjeller1592, I had been reading the API docs to get some clues on how blog post data is stored.
I’m not clear on what you said about HTML comments. Wouldn’t HTML comments be visible when people view the page on the blog? I could remove them from the editing interface, but the comments would still be visible on the blog. Or is that not the case?
Let me help clarify the HTML comments thing with an example. Here is an anonymous post that uses HTML comments (https://write.as/s2ksz14cdr5eet2f.md) – note the data doesn’t render at all in the page (do a “view source” to confirm). Now we’ll access the metadata via the API. In the body you’ll see the data (in this ex. key value pairs) within the comments.
Hope that clarifies things! Would be happy to help further.
Aha! Then HTML comments could be used for users to authenticate when updating their posts.￼ Users wouldn’t stay logged in. They would enter the username and password used to create the post. Username and password could be different for each post if they wanted.
Does this work exactly the same for all posts, or is this post anonymous, or have other publication settings? Are there any specific settings I need to use when creating posts like your example? @cjeller1592
So once you log in through the API, you get a user authentication token. This token, if fed into the header of an “Update post” API call, will update any post you’ve made when logged in. All you need is the post’s ID, whether in an anonymous post or blog, and you’ll be good to go.
You could definitely this store authentication tokens in posts using HTML comments but I would advise against that. All anyone has to do is grab your post via the API or put a .txt extension on your post’s url and they’ll grab that sensitive data. Take the above post as an example: https://write.as/s2ksz14cdr5eet2f.txt
If you want to update posts, I’d recommend keeping the authentication token in the app itself as a variable and not in your posts. Keep the business logic in the app and only use the API to grab the post’s body (which will only contain the data and no authentication tokens).
Does that make sense @nibl?
Okay, got it. I looked into authentication with Glitch and found a service called Auth0, which has a free plan. That apparently takes the hassle out of passport.js authentication.
I’ll start playing with the API. Haven’t used Glitch or Node before, so it’ll be an adventure.
What languages/frameworks are you comfortable with? Glitch has a pretty extensive list of supported languages. I’d recommend looking into that before feeling like you have to learn Node. I, for instance, use Glitch almost exclusively with Python.
Got it! @bugbuster has made a great search app that uses PHP. I am sure he could talk more about that and answer any questions if needed. Here’s my remix of it:
I’d also recommend reading his commentary about creating the app:
@cjeller1592, this PHP program does not actually access the API. The data is downloaded beforehand using Curl, and stored locally.￼ Two questions:
The reason I wrote the PHP program using local JSON data extracted either via the API or the blog export feature was that I didn’t want to burden the server with a lot of live API calls, as I do frequent searches of my blogs. I wanted to just occasionally download the data, use that for the searches, and only update the JSON file periodically. It was primarily a netiquette consideration.
I wrote the program for my own purposes and freely offered it to anyone who wishes to use it, though I provide no support for it.
@cjeller1592 then converted it into a very nice glitch app, which is great since people who don’t want to mess with having their own web server with PHP support can just use the glitch app.
@bugbuster gives the right reasons for using local JSON. It depends on what kind of API calls you want to make. If you’re just retrieving a post or two then that’s fine. But if you’re retrieving all of your posts to do a search, then that’ll be a burden on the server.
While I have super limited knowledge of PHP, I can at least give you a simple example of accessing the API that might be handy for what you want to do. Below, I am using the Write.as API to retrieve a post, specifically its body:
$ch = curl_init();
$url = 'https://write.as/api/posts/9ea0mbe1gq9k3';
$obj= json_decode(file_get_contents($url), true);
Thanks @bugbuster for the detailed explanation. I hadn’t thought of the amount or frequency of ￼API request￼s. I only need to update one specific post at a time so API calls shouldn’t be an issue in this case. And as an aside, I agree, there needs to be more netetiquette.
Thanks @cjeller1592 for the PHP code. That is just what I needed. I had discovered that cURL was used for API requests, but only found complicated methods with additional classes. This gets the adventure started.