37 |
38 |
39 | ### Changing Scopes
40 |
41 | If the scopes you initially requested have changed, or your users may have otherwise authorized some but not all of those scopes, you can send them back through the authorization flow and it will ask for the new scopes to be allowed.
42 |
43 | Your client can tell what scopes a user has authorized for your client by the `X-OAuth-Scopes` return header on a request, or by directly requesting their [Token](../resources/token#get-token).
44 |
45 | If your app needs to *remove* scopes for a user, you will have to delete all of the user's tokens individually. You can [request all tokens authorized for your app](../resources/users/lookup#get-apps-me-users-tokens), and [delete](../resources/token#delete-token) all of them for a user. Once all tokens are removed, the user will have to completely re-authenticate the app, and you can request different scopes.
46 |
47 |
48 | ## App Tokens
49 |
50 | In the documentation, an scope indicates that an app token is required for the endpoint.
51 |
52 |
53 | ## Notes
54 |
55 | ### basic {#basic}
56 |
57 | If any other scope is authorized, `basic` is redundant.
58 |
59 | Because it is redundant, it will be included in the authorization options if any other scope is authorized. If your app is double-checking what scopes were authorized, be sure it does not get thrown off if it sees `basic`.
60 |
61 | Any scope will allow access to any endpoints in the API that specify access token. That includes a user's...
62 |
63 | * following
64 | * followers
65 | * muted
66 | * blocked
67 | * presence
68 | * badges
69 | * interactions
70 | * bookmarks
71 | * public clients
72 | * ongoing operations
73 |
74 | as well as abilities to...
75 |
76 | * report a post or message
77 | * set a stream marker
78 | * delete user streams
79 | * get your current token
80 |
81 |
82 | ### email {#email}
83 |
84 | When the `email` scope is authorized, the user's tokens will include their email address.
85 |
86 | `email` cannot be authorized by a user for the first time through Password Flow.
87 |
88 | App Streams do not notify of email address changes.
89 |
90 |
91 | ### files {#files}
92 |
93 | #### Uploading Files vs Managing Files
94 |
95 | Clients that only upload files to attach to posts or messages don't need `files` authorized. If you already have `write_post` or a `messages` scope authorized, you can upload files.
96 |
97 | If a client has a `files`-related scope, it will be able to retrieve, update, attach, and delete those files without including a `file_token`.
98 |
99 | #### Special Extended File Scopes
100 |
101 | There are two special file scopes: `files:core_audio` gives access to all files with `kind: audio`, and `files:core_image` gives access to all files with `kind: image`. These do not currently trigger App Stream objects; specific file types or the whole `files` scope would need to be specified to use App Streams with files.
102 |
103 |
104 | ### messages {#messages}
105 |
106 | #### Updating presence in a channel
107 |
108 | The `presence` scope is for global user's presence. If a user access token has access to a channel, it can update the user's presence in that channel. The `presence` scope isn't relevant to channel presence permissions.
109 |
110 |
111 | ### polls {#polls}
112 |
113 | #### Uploading Polls vs Managing Polls
114 |
115 | This scope works similarly to `files`, and is not needed to create and attach polls to posts and messages, but lets users attach and delete polls without a `poll_token`.
116 |
117 |
118 | ### write_post {#write_post}
119 |
120 | `write_post` allows an app to create files and polls as well, so those can be created and attached using their returned "tokens".
121 |
--------------------------------------------------------------------------------
/authentication/web-flows.md:
--------------------------------------------------------------------------------
1 | # Authentication Web Flows
2 |
3 |
4 | ## Setup
5 |
6 | Client-side flow is generally used for Javascript and other situations where the code could be inspected by a 3rd party, and they could see your `client_secret`.
7 |
8 | If you are working with mobile clients, or otherwise are embedding the web page in the app, you may want to add `&simple_login=1` to your endpoint URI, which removes the navigation and extraneous links from the authorization page.
9 |
10 | To start, set at least one redirect URI in the developer area for your client. This restricts what server or app can receive the access token at the end of the process.
11 |
12 |
13 | ## Server-side flow
14 |
15 | Start by making this GET call:
16 |
17 | ```markdown
18 | https://pnut.io/oauth/authenticate
19 | ?client_id=[client ID]
20 | &redirect_uri=[redirect URI]
21 | &scope=[comma-delimited scopes]
22 | &response_type=code
23 | ```
24 |
25 | *To always prompt the user for authorization of scopes, even if they already have, use the `https://pnut.io/oauth/authorize` endpoint instead.*
26 |
27 | This will direct the user to a page to authorize your client for the given scopes. If they approve, it will redirect them to your redirect URI with `/?code=[CODE]` appended.
28 |
29 | If the user decides *not* to authorize your client, they will be redirected to your redirect URI with `/?error_message=resource+owner+denied+your+app+access&error=access_denied` appended.
30 |
31 | Now make a POST call with what you now have in the URL-encoded body (with a `Content-Type` of `application/x-www-form-urlencoded`):
32 |
33 | ```bash
34 | curl "https://api.pnut.io/v1/oauth/access_token" \
35 | -d "client_id=${CLIENT_ID}" \
36 | -d "client_secret=${CLIENT_SECRET}" \
37 | -d "code=${CODE}" \
38 | -d "redirect_uri=${REDIRECT_URI}" \
39 | -d "grant_type=authorization_code" \
40 | -X POST
41 | ```
42 |
43 | A JSON response will be returned in the form of:
44 |
45 | ```json
46 | {"access_token":ACCESS_TOKEN, "token":{"...Token object..."}, "user_id":USER_ID, "username":USERNAME}
47 | ```
48 |
49 |
50 |
51 |
52 | ## Client-side flow
53 |
54 | Start with this GET:
55 |
56 | ```bash
57 | https://pnut.io/oauth/authenticate
58 | ?client_id=[client ID]
59 | &redirect_uri=[redirect URI]
60 | &scope=[comma-delimited scopes]
61 | &response_type=token
62 | ```
63 |
64 | *To always prompt the user for authorization of scopes, even if they already have, use the `https://pnut.io/oauth/authorize` endpoint instead.*
65 |
66 | This will direct the user to an authorization page just like the server-side flow. If they approve the scopes for your client, they will be redirected to your `redirect URI` with `/#access_token=[token]` appended.
67 |
68 | If the user decides *not* to authorize your client, they will be redirected to your `redirect URI` with `/#error_message=resource+owner+denied+your+app+access&error=access_denied` appended.
--------------------------------------------------------------------------------
/changes/0.3.0.md:
--------------------------------------------------------------------------------
1 | ## [v0.3.0](https://pnut.io/docs/changes/0.3.0) {#0.3.0}
2 |
3 | This is a major update to pnut.io. The following is notable.
4 |
5 | ### Features
6 |
7 | * More capable app directory
8 | * Mutes and blocks management from pnut.io
9 | * Channels
10 | * Stream markers
11 | * Client secret reset option
12 |
13 |
14 | ### Changes
15 |
16 | * `pagination_id` added to user, post, message, and channel objects in paginated responses
17 | * Following, followers, muted, and blocked user lists are now paginated
18 | * PUT/DELETE bookmark returns the post bookmarked
19 | * `presence` endpoints now include a timestamp of the last time a user was seen (even when their status is not "offline")
20 | * Bookmarks are no longer restricted to the bookmarker
21 | * `invited_by` no longer included on user objects (simply able to look it up on the invite tree on pnut.io)
22 | * Developers required to enter password on every login
23 | * Markdown links and normal links are parsed by default. To prevent parsing, must include `entities.parse_links=0`
24 | * Requests for tokens respond with errors closer to OAuth 2.0 guidelines
25 | * Removed `/posts/streams/feed`, `/posts/streams/link`, `/posts/streams/domain`, `/posts/streams/link` (more appropriate to retrieve via future search)
26 | * Moved `/system/configuration` and `/system/statistics` to `/sys/config` and `/sys/stats`
27 |
28 |
29 | ### Fixes
30 |
31 | * Inviting a user now creates a "follow" action when they auto-follow the inviter
32 | * Blocks are missing fewer edge cases
33 | * Revising a post parsing markdown links and normal links improperly
34 | * Users' list of actions executed against them could only filter by one type; now any number
35 |
36 | *Released 2016-11-24*
--------------------------------------------------------------------------------
/changes/0.4.0.md:
--------------------------------------------------------------------------------
1 | ## [v0.4.0](https://pnut.io/docs/changes/0.4.0) {#0.4.0}
2 |
3 | This is a major update to pnut.io. The following is notable.
4 |
5 | ### Features
6 |
7 | * `raw` data on posts, messages, users, and channels
8 | * Stream markers can be updated to the latest ID on post or message creation
9 | * Channel-specific sticky messages
10 | * Channel thread endpoint
11 |
12 |
13 | ### Changes
14 |
15 | * Revising posts saves the complete original post, where it used to only preserve the original `text` and `html`
16 | * `X-API-Version` header changed to a major.minor.bugfix format, though in 0.x.x, all are minor or bugfix changes
17 |
18 |
19 | ### Fixes
20 |
21 | * Avatars/covers not showing on pnut.io profiles
22 | * `/users/me/channels/subscribed` was ordered by ID only, now by most recent message or most recent creation, with clarifying `pagination_id`
23 | * Requesting a token did not return the list of scopes for it
24 | * New user creation did not properly handle the created "follow" action
25 | * Calls for user avatars/covers were not forwarding query parameters
26 |
27 | *Released 2017-01-07*
--------------------------------------------------------------------------------
/changes/0.4.1.md:
--------------------------------------------------------------------------------
1 | ## [v0.4.1](https://pnut.io/docs/changes/0.4.1) {#0.4.1}
2 |
3 | This is a minor update to pnut.io.
4 |
5 | ### Fixes
6 |
7 | * Usernames were case-sensitive in password_flow
8 | * `io.pnut.core.chat`-type channels were not creatable
9 | * Public channels included `you` in the ACL unnecessarily when not authenticated
10 | * Deleting channel messages sometimes did not work
11 | * `/users/me/actions` not returning follow actions under some circumstances
12 |
13 | *Released 2017-01-15*
--------------------------------------------------------------------------------
/changes/0.4.2.md:
--------------------------------------------------------------------------------
1 | ## [v0.4.2](https://pnut.io/docs/changes/0.4.2) {#0.4.2}
2 |
3 | This is a minor update to pnut.io.
4 |
5 | ### Features
6 |
7 | Submitting `entities.links` on posts, messages, and users works (it is incongruously entities.links on posts and messages, but content.entities.links on users)
8 | Markers are always included on `GET /channels/{channel_id}/messages` and can be included on `GET /channels/{channel_id}` with `include_marker=1` in the query
9 |
10 |
11 | ### Changes
12 |
13 | Deactivating accounts is more straight-forward and consistent
14 |
15 |
16 | ### Fixes
17 |
18 | Unicode `pos` and `len` on entities was not handled properly
19 | Tags inside markdown were parsed, breaking html/text
20 | `GET /users?ids=` can now be @-usernames and user IDs
21 | `is_nsfw` was not consistently handled (and sometimes ignored)
22 |
23 | *Released 2017-01-23*
--------------------------------------------------------------------------------
/changes/0.4.3.md:
--------------------------------------------------------------------------------
1 | ## [v0.4.3](https://pnut.io/docs/changes/0.4.3) {#0.4.3}
2 |
3 | This is a minor update to pnut.io.
4 |
5 | ### Features
6 |
7 | * `include_marker=1` option available on all stream marker-capable endpoints
8 |
9 | ### Changes
10 |
11 | * "-" was not handled correctly in link entities
12 | * Mutes were making messages and post actions appear multiple times
13 |
14 | *Released 2017-01-25*
--------------------------------------------------------------------------------
/changes/0.4.4.md:
--------------------------------------------------------------------------------
1 | ## [v0.4.4](https://pnut.io/docs/changes/0.4.4) {#0.4.4}
2 |
3 | This is a minor update to pnut.io.
4 |
5 | ### Features
6 |
7 | * All non-developers now have the ability to create one client that only they can authorize
8 | * Users who reposted or bookmarked posts can be included by including query parameters `include_reposted_by` and `include_bookmarked_by`
9 | * Basic view of tags at `https://pnut.io/tags/tag` and RSS for them at `https://pnut.io/feed/rss/posts/tags/tag`
10 |
11 |
12 | ### Changes
13 |
14 | * Non-markdown non-client-supplied links are restricted to known TLDs
15 | * Mentions are allowed at the end of word breaks (think: `"@`, `'@`, `(@`)
16 | * Improved pnut.io user profiles and threads
17 |
18 |
19 | ### Fixes
20 |
21 | * Suspended and deleted accounts no longer retrievable from pnut.io
22 | * `public_messages` and `messages` being authorized could result in only `public_messages` access
23 | * User RSS handles reposts properly
24 |
25 | *Released 2017-02-04*
--------------------------------------------------------------------------------
/changes/0.4.5.md:
--------------------------------------------------------------------------------
1 | ## [v0.4.5](https://pnut.io/docs/changes/0.4.5) {#0.4.5}
2 |
3 | This is a minor feature update to pnut.io.
4 |
5 | ### Features
6 |
7 | * Invites are now created automatically
8 | * Each app in the directory now has its own simple page, with expanded description
9 | * Can hide posts directed at people you do not follow
10 | * Can hide "copy mentions" on the mentions endpoint
11 | * New Explore streams for posts that are Conversations, Trending, and Photos
12 | * New endpoint `/users/me/channels/existing_pm` retrieves a channel between a given set of users, if it exists
13 | * The subscribed channels endpoint (`/users/me/channels/subscribed`) includes count for unread PMs in the meta field
14 | * Can now add "notes" to unused invites, to easily track what you're doing with them
15 |
16 |
17 | ### Changes
18 |
19 | * PM notifications are strictly indicators that you have unread PMs, and no longer contain the text of the messages
20 | * Better HTML version of the mention notification E-mail
21 | * Underscores now allowed in tags
22 | * Small improvement to threads and user profiles on pnut.io
23 | * Clients now require approval before being published to the app directory
24 |
25 |
26 | ### Fixes
27 |
28 | * Deauthorizing a client that doesn't have any tokens now deauthorizes its scopes properly
29 | * Deleted posts should no longer show up in older threads/streams (as well as other bleeding possibilities)
30 | * Channels were showing up multiple times (a subscription bug) on the subscribed channels endpoint
31 | * `count=-**n**` now works as expected on post streams
32 | * Text with E-mail addresses in it should not be parsed as links or mentions
33 |
34 | *Released 2017-03-03*
--------------------------------------------------------------------------------
/changes/0.4.5b.md:
--------------------------------------------------------------------------------
1 | ## [v0.4.5b](https://pnut.io/docs/changes/0.4.5b) {#0.4.5b}
2 |
3 | This is a minor feature update to pnut.io.
4 |
5 | ### Features
6 |
7 | * "Support Us" page has basic stats
8 | * New "Activity" account page, which shows the last 10 significant actions made in your account (logins, password changes, etc.)
9 |
10 | *Released 2017-03-14*
--------------------------------------------------------------------------------
/changes/0.5.0.md:
--------------------------------------------------------------------------------
1 | ## [v0.5.0](https://pnut.io/docs/changes/0.5.0) {#0.5.0}
2 |
3 | This is a feature update to pnut.io.
4 |
5 | ### Features
6 |
7 | * App tokens
8 | * App Streams
9 | * Umlauts, emoji, foreign characters allowed in tags
10 | * Logo
11 | * Many new documents, some vague
12 |
13 | ### Changes
14 |
15 | * Redirect URIs can now have query parameters and still validate
16 | * Link entities will not include redundant phishing protection
17 | * API documentation is rearranged, and included verbatim from the GitHub repository
18 | * OAuth now warns when the client is requesting a non-HTTPS redirect_uri, and better displays what is being authorized
19 | * pnut.io now shows oembed images on posts. Other minor improvements
20 | * The "Support Us" page now includes message counts in the stats
21 | * Mentions in a post are now more likely to be considered "leading mentions"
22 | * Messages do not include counts.replies at all (for now)
23 |
24 | ### Fixes
25 |
26 | * Multiple manually submitted links would fail to be parsed
27 | * Invites were not calculated correctly (so were seldom given out)
28 | * Redirecting after login and related edge cases are improved around OAuth
29 |
30 | *Released 2017-04-15*
--------------------------------------------------------------------------------
/changes/0.5.1.md:
--------------------------------------------------------------------------------
1 | ## [v0.5.1](https://pnut.io/docs/changes/0.5.1) {#0.5.1}
2 |
3 | This is a minor feature and bug fix update to pnut.io.
4 |
5 | ### Features
6 |
7 | * The first developer to authorize an extended scope can now customize a description of what it is used for, when users authorize the scope in the future ("Content Types" in dev area)
8 | * Users can change username once, and can change capitalization as often as they want, from pnut.io profile settings
9 | * Including `#nsfw` in a post automatically marks it as "Not Safe for Work", unless explicitly marked otherwise
10 | * Including `?exclude_channel_types=` on channel streams excludes the given types from the stream (opposite of `?channel_types=`)
11 | * Including `?include_limited_users=1` on subscribed channel streams and individual channel calls will include users as limited objects in the ACL instead of user IDs only
12 | * "Missed Conversations" explore stream added (random posts that had no interactions)
13 |
14 | ### Changes
15 |
16 | * Activity log now includes administrative events (when an admin makes you a developer, suspends your account, etc.)
17 | * Bare links are now parsed differently, and will accept more valid links, including IPv4/6 addresses
18 |
19 | ### Fixes
20 |
21 | * Emoji tag streams did not function on pnut.io
22 | * `/users/{user_id}/posts` now returns the user's posts even if an authorized user requests it after blocking or muting them
23 |
24 | *Released 2017-04-30*
--------------------------------------------------------------------------------
/changes/0.6.0.md:
--------------------------------------------------------------------------------
1 | ## [v0.6.0](https://pnut.io/docs/changes/0.6.0) {#0.6.0}
2 |
3 | This is a major feature update to pnut.io.
4 |
5 | ### Features
6 |
7 | * File API
8 | * Pay-what-you-want tier!
9 | * Repost and follow E-mail notifications
10 | * RSS feed of personal and unified streams
11 | * File Storage
12 | * MFA logins (TOTP option)
13 | * Added [microformats2](http://microformats.org/wiki/microformats2) to pnut.io posts and profiles
14 | * Added `markdown_text` to user profile when retrieving own profile (helpful for editing)
15 | * Including `&simple_login=1` on web authentication flows now shows an embed-friendly page for oauth
16 |
17 |
18 | ### Changes
19 |
20 | * Consolidated some account management areas
21 | * Increased invite limit from 5 to 7
22 | * Clarified activation process on new sign up
23 | * Notification E-mails are now digests
24 | * Avatars and cover images limited to 2097152 and 4194304 bytes, instead of 2000000 and 4000000 bytes
25 | * Posts from bots will not add threads to the "Conversations" explore stream
26 | * pnut.io now reverses markdown when editing your profile
27 |
28 |
29 | ### Fixes
30 |
31 | * Password recovery E-mail address was case-sensitive
32 | * "Users" count on user objects (number of users invited) was incorrect
33 | * Deleted messages were not being sent to App Streams
34 | * Channel owner access was denied in an edge case
35 |
36 | Note that after a year, current developers will have to pay $10/year for developer access.
37 |
38 | *Released 2017-07-25*
--------------------------------------------------------------------------------
/changes/0.7.0.md:
--------------------------------------------------------------------------------
1 | ## [v0.7.0](https://pnut.io/docs/changes/0.7.0) {#0.7.0}
2 |
3 | This is a major feature update to pnut.io.
4 |
5 | ### Features
6 |
7 | * User, post, channel, and message search
8 | * Derivative files
9 | * Auto-generated thumbnails for images
10 |
11 |
12 | ### Changes
13 |
14 | * File link expiration extended
15 | * `?include_directed_posts=0` does not exclude your own posts
16 | * Replies to your own posts do not add that thread to the Conversations explore stream
17 | * App streams allow the access token to be included in the header or query parameter, like other API calls
18 | * A message in a PM channel will re-subscribe any users who haven't muted the channel
19 | * Improved domain verification on profiles using `rel="me"` link
20 | * TOTP login authentication is available to everyone
21 |
22 |
23 | ### Fixes
24 |
25 | * `/users/{user_id}/clients` not retrieving all active clients in some cases
26 | * TOTP authentication setup
27 | * PM not able to find existing channel in some cases
28 | * Owners and full-ACL users not able to delete others' messages in non-PM channels
29 | * Complex tags in posts not rendered as links on pnut.io
30 | * `redirect_uri` did not work with an edge case
31 |
32 | *Released 2017-08-27*
--------------------------------------------------------------------------------
/changes/0.7.1.md:
--------------------------------------------------------------------------------
1 | ## [v0.7.1](https://pnut.io/docs/changes/0.7.1) {#0.7.1}
2 |
3 | This is a minor feature update to pnut.io.
4 |
5 | ### Features
6 |
7 | * Personal data exports may be requested in the "Data" section of your account (*Currently does not include files)
8 | * Numerous new characteristics for developers to note about their apps, including pictures
9 | * API errors will often include referenceable `meta.error_id` on 500 responses
10 |
11 |
12 | ### Changes
13 |
14 | * `/users/me/actions` now combines multiple objects in the `objects` list for the same action commited by different users
15 | * Front page and app pages redesigned
16 | * Link parsing should be operational; API will retrieve title and description for a link
17 | * Removed *all* GUID properties (posts, users, messages)
18 |
19 |
20 | ### Fixes
21 |
22 | * RSS tag feeds of multibyte character tags would not load
23 |
24 | *Released 2017-09-10*
--------------------------------------------------------------------------------
/changes/0.7.2.md:
--------------------------------------------------------------------------------
1 | ## [v0.7.2](https://pnut.io/docs/changes/0.7.2) {#0.7.2}
2 |
3 | This is a minor feature update to pnut.io.
4 |
5 | ### Features
6 |
7 | * App Directory reorganized into categories, multiple platforms
8 | * Apps can now be "recommended" by users
9 | * Post and message stream `meta` now includes `deleted_ids` and `revised_ids`, which are lists of post or message IDs that have been deleted or revised since `since_id`
10 | * pnut badges added to profiles; supporting users may opt in to include `badge: {object}` on their user object
11 |
12 |
13 | ### Changes
14 |
15 | * pnut.io front page redesign
16 |
17 |
18 | ### Fixes
19 |
20 | * `guid` was still included on some posts and users
21 | * Creating App Streams did not handle some errors clearly
22 |
23 | *Released 2017-09-30*
--------------------------------------------------------------------------------
/changes/0.7.3.md:
--------------------------------------------------------------------------------
1 | ## [v0.7.3](https://pnut.io/docs/changes/0.7.3) {#0.7.3}
2 |
3 | This is a minor update to pnut.io.
4 |
5 |
6 | ### Changes
7 |
8 | * Users can now sign up for an account with a pnut badge if they don't have an invite
9 | * E-mail notifications happen instantaneously, then follow up with a digest of more of the same soon after
10 | * Password flow will return error for invalid scopes
11 | * Can remove verified domain from profile
12 | * Invites page improved
13 | * Languages and timezones limited to finite list instead of dynamically generated list
14 | * Enabling MFA requires a TOTP code up front, before enabling
15 |
16 |
17 | ### Fixes
18 |
19 | * Password flow didn't allow extended scopes
20 | * `GET /users/me/channels` did not work with only extended scopes authorized
21 | * No longer authorizes an extended scope if its basic scope has already been authorized
22 |
23 | *Released 2017-10-14*
--------------------------------------------------------------------------------
/changes/0.7.4.md:
--------------------------------------------------------------------------------
1 | ## [v0.7.4](https://pnut.io/docs/changes/0.7.4) {#0.7.4}
2 |
3 | ### Features
4 |
5 | * App directory "early access" and "bot" categories
6 | * Tokens can be assigned a "token group" on creation, and tokens can be revoked for an app based on IP address and token group
7 | * `kind: audio` file type recognizes MP3, FLAC, and WAVE files
8 | * `email` scope has been added, which adds `email` to user tokens
9 | * `files:core_image` and `files:core_audio` special scopes have been added, giving access to their respective `kind` of files
10 | * oEmbed endpoint for posts and files
11 | * Endpoints for reporting posts and messages
12 | * `newcomers` post explore stream, including users' first 50 posts
13 | * Post, channel, and message searches allow `?raw_types` parameter
14 | * `io.pnut.core.channel.avatar` and `io.pnut.core.channel.cover` raw types
15 |
16 | ### Changes
17 |
18 | * RSS moved from https://pnut.io/feed/rss/ to https://api.pnut.io/v0/feed/rss/ (old links redirect)
19 | * Canonical posts and user profiles direct to @xyz's [beta app](https://beta.pnut.io)
20 | * Notifications are silenced within 30 seconds of previous notifications of the same type, and channel notifications are silenced if the user has a stream marker ahead of the message
21 | * Developers can "remember" pnut.io login
22 |
23 | ### Fixes
24 |
25 | * `raw` properly catches any improper values for `value`
26 | * Some cases where objects wouldn't be sent to app streams
27 | * User editing reverse markdown was broken with multiple markdown links
28 | * New developers' existing apps were not automatically made usable by other users
29 | * Bot and feed users' mentions did not correctly go to mention streams
30 | * `?include_message_html=0` was ignored
31 |
32 | *Released 2017-11-16*
--------------------------------------------------------------------------------
/changes/0.7.5.md:
--------------------------------------------------------------------------------
1 | ## [v0.7.5](https://pnut.io/docs/changes/0.7.5) {#0.7.5}
2 |
3 | ### Features
4 |
5 | * Pnut.io account area translations
6 | * New Privacy page includes mutes, blocks, and new function to limit who can create new private message channels with you
7 | * Bookmark E-mail notifications option for pnut badge supporters
8 | * App Streams support `raw` by setting appropriate query parameters on the websocket link
9 |
10 | ### Changes
11 |
12 | * Developer client "tokens" are no longer a thing; instead, new clients can be made by developers after a certain period
13 | * `kind` is no longer required on file upload; you may juggle whether to specify `kind`, `mime_type`, neither, both
14 | * `locale` limited to smaller list; more locales should be added on demand and as supportable
15 | * `email` scope is not authorizable over Password Flow, to prevent possible privacy concern
16 | * Link entity parsing adjusted (now includes links preceded by parenthesis)
17 | * Message streams now allow negative `count` (`?count=-4`)
18 | * App Streams now can differentiate between revised, reposted, and newly created or deleted posts
19 |
20 | ### Fixes
21 |
22 | * Numerous possible edge cases with app streams returning partial objects
23 |
24 | *Released 2017-11-30*
--------------------------------------------------------------------------------
/changes/0.7.6.md:
--------------------------------------------------------------------------------
1 | ## [v0.7.6](https://pnut.io/docs/changes/0.7.6) {#0.7.6}
2 |
3 | This is a bug fix update to pnut.io.
4 |
5 | ### Features
6 |
7 | * Option to require OTP passwords for password flow authentications
8 |
9 | ### Changes
10 |
11 | * One-Time Passwords now create a short random string for a name, instead of user input
12 | * More clarity on profile update form
13 | * MFA login now allows "Remember login" cookie but requires the TOTP code. A failed attempt or leaving the page will unset the "Remember login" cookie.
14 | * Web Flows and Password Flow return much more specific feedback when something is not set properly
15 |
16 | ### Fixes
17 |
18 | * Password form validation required a digit and uppercase, which is not supposed to be required anymore
19 | * Failed MFA login would redirect to the normal login without client authorization details, if they had been set
20 |
21 | *Released 2017-12-10*
--------------------------------------------------------------------------------
/changes/0.7.7.md:
--------------------------------------------------------------------------------
1 | ### Features
2 |
3 | * API Documentation app can be authorized, allowing you to make API calls from documentation and see the response live. The examples are editable on-page
4 |
5 | ### Changes
6 |
7 | * Link parsing improvements
8 | * Adjusted notification email timing
9 | * Post and message URI Templates must use `{object_id}` instead of `{post_id}` in links
10 | * Documentation includes type of access token required for endpoints (app vs user)
11 |
12 | ### Fixes
13 |
14 | * Failed login went to MFA login
15 | * `content.html` now begins with `` instead of `` to follow [microdata spec](http://schema.org/docs/gs.html#microdata_itemscope_itemtype)
16 |
17 | *Released 2018-01-14*
--------------------------------------------------------------------------------
/changes/0.8.0.md:
--------------------------------------------------------------------------------
1 | ## [v0.8.0](https://pnut.io/docs/changes/0.8.0) {#0.8.0}
2 |
3 | ### Features
4 |
5 | * Polls
6 | * New users are highlighted on the Invites page
7 |
8 | ### Changes
9 |
10 | * Emails on account lock out and new recent IP login
11 | * Password Flow authorization emails now express what new scopes are authorized
12 | * Basic stats are public
13 | * `avatar_image` included in channels when `?include_limited_users=1` query parameter is set
14 | * Links with emoji in the domain are recognized as links
15 | * @xyz's app *Beta* now uses the subdomain https://beta.pnut.io and is encouraged as users' first app
16 |
17 | ### Fixes
18 |
19 | * Text file encoding was ignored on upload
20 | * File names used the file token for its name when downloaded, instead of original file names
21 | * Some instabilities with database handling/what happened if there was a bug
22 | * Users could make their own posts trend
23 |
24 | *Released 2018-03-24*
--------------------------------------------------------------------------------
/changes/0.9.0.md:
--------------------------------------------------------------------------------
1 | ## [v0.9.0](https://pnut.io/docs/changes/0.9.0) {#0.9.0}
2 |
3 | ### Features
4 |
5 | * User Streams (user-specific websockets, like App Streams for individual users)
6 | * Invited users now have 512MiB of free storage, ensuring everyone has some free storage
7 | * Users may gift Pnut Badges to other users
8 | * Basic poll search
9 | * Get multiple polls by ID in a single call
10 | * Bookmarks may be saved with `note`, which is only visible to the user who bookmarked it, when retrieving their own bookmarks
11 | * Clients can limit what scopes can be authorized
12 | * `/sys/stats` now includes `counts.clients.public`, tracking clients that are "active/public" and usable by more than just a single user
13 | * Alternative API domain https://pnut-api-1.org
14 | * App Streams messages and posts now include `meta.suppress_notifications`, and `meta.subscribed_user_ids` to simplify notifications
15 | * `include_replies` and `include_mention_posts` query parameters for post streams
16 | * `has_mentions` post search filter
17 |
18 | ### Changes
19 |
20 | * Requesting account deletion requires password verification
21 | * Only human account-types can respond to polls
22 | * `is_your_response` on poll options changed to `true` or `false` from `1` or `0`
23 | * App Streams now have connection- and subscription-level query parameters
24 | * App Streams objects are more consistent
25 | * User tokens return with `storage.total` in addition to `storage.available`.
26 |
27 | ### Fixes
28 |
29 | * Some old avatars were not deleted
30 | * `/users/{id}/cover` was not redirecting properly
31 | * "Account locked out" was logged after single failed login attempt
32 | * `include_user=0` returned empty string instead of user's ID for embedded users on file objects
33 | * Following a user in rapid succession could cause multiple listings of a user in your follows or followings
34 |
35 | *Released 2018-08-13*
--------------------------------------------------------------------------------
/changes/0.9.1.md:
--------------------------------------------------------------------------------
1 | ### Features
2 |
3 | * Badge directory, earning, assigning, and setting by clients
4 | * Added `mime_types` filter to files
5 | * Added `+io.pnut.core.user` raw replacement value
6 | * Post search and channel message endpoints are accessible from RSS
7 | * New `poll_response` interaction when someone responds to your poll
8 | * New `/users/me/polls/responses` endpoint
9 |
10 | ### Changes
11 |
12 | * Improved documentation
13 | * Alternative `/users/me/interactions` and `/posts/{post_id}/interactions` endpoints
14 | * Tweaked post search
15 | * Small performance improvements to all POST calls
16 |
17 | ### Fixes
18 |
19 | * Audio file attached via oEmbed had faulty `url_expires_at`
20 | * Server-side flow didn't preserve `state` parameter
21 | * Could not delete polls
22 | * Deleted messages didn't send over user and app streams
23 |
24 | *Released 2018-09-13*
--------------------------------------------------------------------------------
/changes/0.9.2.md:
--------------------------------------------------------------------------------
1 | ### Features
2 |
3 | * Allow `/text/process` to render messages instead of posts, with a query parameter
4 | * File `kind` can be inferred from file extension
5 | * `io.pnut.core.channel-invite` raw now attaches the related channel's `name`, if a "chat" channel
6 | * Markdown links with titles will show `title` on the object, not just embedded in `html`
7 | * Users can specify link template used in notification E-mails
8 |
9 | ### Changes
10 |
11 | * Improved documentation for searches, and templatized API example responses
12 | * Known file extensions will be normalized lowercase
13 | * Ellipsis (`…`) is ignored at the end of inline links
14 | * Improved duplicate post handling
15 | * Links handle parentheses more naturally
16 | * Repost and bookmark E-mail notifications include the post's text
17 | * Developer accounts are now a one-time fee of $42, instead of an annual subscription
18 | * Tags can still include underscores in text and html, but lookups ignore them
19 |
20 | ### Fixes
21 |
22 | * Account data page wouldn't show usage for non-Badge-holders
23 | * Newly invited users did not register following the inviter
24 | * oEmbed `raw` was accepting strings and non-Integer numbers for image width and height
25 | * Gifted Pnut badges weren't accepted for one case
26 | * Authorizing new client email included an empty client name
27 | * `redirect_uri`s with special schemes (not "https") weren't recognized
28 | * Post and message length was calculated with an approximation, now it uses the same calculation as in actual rendering
29 | * Post search failed for some lookup combinations
30 |
31 | *Released 2018-12-31*
--------------------------------------------------------------------------------
/changes/0.9.3.md:
--------------------------------------------------------------------------------
1 | ### Features
2 |
3 | * E-mail "poll finished" notifications
4 | * JPEG images with EXIF data will be rotated, and EXIF data will be stripped
5 | * `GET /clients/{id}` includes the client's logo, if it has one
6 | * `io.pnut.core.chat`-type message RSS feeds include the channel's name in the title and description
7 |
8 | ### Changes
9 |
10 | * Poll responses can be changed until a poll closes
11 | * Any member of a private message can sticky messages for the group
12 | * E-mail notifications always include "canonical" links, even if custom links are set in notification settings
13 | * `suppress_notifications` on App Streams now includes muted users
14 |
15 | ### Fixes
16 |
17 | * Error updating user badges
18 |
19 | *Released 2019-04-07*
--------------------------------------------------------------------------------
/changes/0.9.4.md:
--------------------------------------------------------------------------------
1 | ### Features
2 |
3 | * `GET /sys/stats` includes `data.counts.users.today`, which is unique account IDs accessed in the current UTC day
4 | * Entities now include `gopher://` links in addition to `http://`, `https://`, and `ftp://`
5 | * Polls can optionally allow users to select multiple options, up to `max_options`
6 | * Channel search can be ordered by `popularity`--how many messages have been made in the channel
7 | * Channel search includes a basic text query of chat room names and descriptions
8 | * `io.pnut.core.fallback_url` added to `raw` elements
9 |
10 | ### Changes
11 |
12 | * Reposts include their reposted posts' `raw`
13 | * `GET /users/{id}/presence` and `GET /presence` return limited users including avatar image, username, name
14 | * `GET /token` now includes `markdown_text`
15 | * Account badge and payment pages have been reorganized
16 |
17 | ### Fixes
18 |
19 | * E-mail notifications for polls closing occurred regardless of notification setting
20 | * Notification custom links not recognized
21 | * Unmuting from Pnut.io
22 | * First-time authorization after TOTP login failing to return Oauth state
23 | * Post search and user file retrieval edge cases
24 | * Documentation includes examples for user streams
25 | * `markdown_text` on `GET /users/me` parsed some links improperly
26 |
27 | *Released 2019-08-03*
--------------------------------------------------------------------------------
/changes/0.9.5.md:
--------------------------------------------------------------------------------
1 | ### Features
2 |
3 | * New `video` file standardization, on file uploads and oembeds
4 | * Revert user images to defaults (`DELETE /users/me/cover` and `DELETE /users/me/avatar`)
5 | * Invites now include a link to a QR code image of the invite, in addition to the copyable link and E-mail options
6 | * When authorizing an app, users can directly uncheck requested permissions they do not want to allow
7 | * The website defaults to light-mode, and uses CSS preferences for showing dark-mode
8 | * Channel Search endpoint as RSS feed
9 |
10 | ### Changes
11 |
12 | * `io.pnut.core.crosspost`-type raw items expanded with options for external user representation
13 | * `embeddable_url` in oEmbeds now can use template URIs (`{object_id}`)
14 | * `max_options` on polls can now be the total number of options, instead of one less than the total
15 | * File `name` can be inferred from the uploaded file's name, if not included in the POST
16 | * When a user no longer has any access tokens for an app, the app's scopes will be revoked, and the user will have to re-authorize scopes the next time a token is created
17 | * Sending a message to User or App streams (websockets) will return a "pong" response
18 | * User and App streams require a "ping" every 60 seconds, instead of every 50 seconds
19 |
20 | ### Fixes
21 |
22 | * Personal data export files in zip file are now encoded properly for UTF-8
23 | * `https://photos.pnut.io/{post_id}/{image_placement_order}` and `https://photos.pnut.io/{file_id}` oembed links now temporarily redirect to post threads on Beta
24 | * Poll notifications could fire multiple times for a single participant
25 | * Saving Invite notes redirected to a 404
26 | * Upgrading to developer account failed
27 | * Some complex channel searches would fail
28 |
29 | *Released 2020-01-01*
--------------------------------------------------------------------------------
/changes/0.9.6.md:
--------------------------------------------------------------------------------
1 | *Released on *
2 |
3 | ### Features
4 |
5 | __Used invites view__
6 |
7 | In your account, you can now see your invites that have been used, from https://pnut.io/account/used_invites.
8 |
9 |
10 | __Simple QR code invite__
11 |
12 | You can easily pull up a *random*, unused invite as a QR code, by clicking the button "Grab an Invite" at the top right of the [Invites](https://pnut.io/account/invites) page in your account, or by going directly to https://pnut.io/account/invite_8. This could be helpful when you want to share an invite with a friend or acquaintance in-person.
13 |
14 |
15 | __Chat room E-mail notifications__
16 |
17 | Enabled in your account under [Notifications](https://pnut.io/account/notifications), you can receive E-mails from Pnut for chat room activity like you already may receive Private Message notifications.
18 |
19 |
20 | __RSS feed URI templates__
21 |
22 | Now [RSS feeds](https://pnut.io/docs/resources/other/rss#template-uris) can use URI templates to create app-specific links to messages and posts from the feeds. Previously, a user's feed reader would always link them to a message or post on https://beta.pnut.io. This worked for posts, but if you had a custom channel type, it never made sense to send a reader to Beta, because Beta can only understand chat room- and private message-type channels.
23 |
24 |
25 | __MFA backup code__
26 |
27 | Now when adding multi-factor authentication to your account login, under account [Security](https://pnut.io/account/security#mfa), you will be given a backup code that can be used to disable MFA on your account, in case your device becomes damaged or inaccessible.
28 |
29 |
30 | __E-mail notification link presets__
31 |
32 | Under account [Notifications](https://pnut.io/account/notifications#advanced), you can choose to link to a specific client for a mention, PM, or chat activity. By default, Pnut's E-mails link to the Beta app. But you could choose to link to open in ChimPnut, for example.
33 |
34 | Now those E-mail notifications have a handful of preset "clients" to choose from, in addition to the custom options. (If you are developing an application and would like yours included in the presets, contact support.)
35 |
36 |
37 |
38 | ### Changes
39 |
40 |
41 | __"API changes" documentation__
42 |
43 | Now API releases have their own pages with more fleshed-out descriptions of changes, instead of only one-liners.
44 |
45 |
46 | __Markdown link length calculation documentation__
47 |
48 | Markdown link length is somewhat nuanced, so its calculation has been [added to the API documentation](https://pnut.io/docs/implementation/entities#markdown-links). Nothing is changing here, but it is worth calling out in case your client is handling it improperly or you were curious.
49 |
50 |
51 | __Marking all of a channel type as "read"__
52 |
53 | * `GET /users/me/channels/num_unread/pm`
54 | * `DELETE /users/me/channels/num_unread/pm`
55 | * [`GET /users/me/channels/num_unread`](https://pnut.io/docs/resources/channels/lookup#delete-users-me-channels-num_unread)
56 | * [`DELETE /users/me/channels/num_unread`](https://pnut.io/docs/resources/channels/lookup#delete-users-me-channels-num_unread)
57 |
58 | The two unread PM endpoints were for getting a count of unread private messages or marking all PMs as "read". Those two endpoints still exist but are being deprecated in favor of a generic endpoint for getting any channel types' unread counts, and marking any channel types' channels as "read". Two new endpoints have been added to be used to mark any channel type as "read" with the query parameter `?channel_types` and a CSV of up to 10 of the channel types desired.
59 |
60 |
61 | __Unread chat room count on subscribed channels__
62 |
63 | * [`GET /users/me/channels/subscribed`](https://pnut.io/docs/resources/channels/subscribing#get-users-me-channels-subscribed)
64 |
65 | The call to a user's subscribed channels now includes `meta.unread_counts.io.pnut.core.chat`, making it easier for a client to know if there are unread chat rooms.
66 |
67 |
68 | __Message search "replies" flag__
69 |
70 | * [`GET /channels/messages/search`](https://pnut.io/docs/resources/messages/search)
71 |
72 | The message search endpoint used to ignore the `?is_reply` query parameter unless it was set to `1` (true).
73 |
74 | Now this parameter will respect `?is_reply=0` or `?is_reply=1`, but still be ignored if it is unset or `?is_reply=`. You may look for messages that are not replies, now. If your client has been setting this parameter to `0` when not in use, it may have unexpected results.
75 |
76 | This behavior for booleans in the API, to be set true, false, or not set, will likely spread in future releases.
77 |
78 |
79 | __More flexible user messages scopes__
80 |
81 | * [`GET /users/me/messages`](https://pnut.io/docs/resources/messages/lookup#get-users-me-messages)
82 |
83 | The user messages endpoint no longer requires full `messages` or `public_messages` scopes, but can use extended scopes like most other messages endpoints.
84 |
85 |
86 | ### Fixes
87 |
88 | __Localizations__
89 |
90 | Localization files are live again on Pnut.io, and contributors are updating their files. Thanks to [@akr](https://pnut.io/@akr), [@ericd](https://pnut.io/ericd), [@hutattedonmyarm](https://pnut.io/@hutattedonmyarm) for translations!
91 |
92 |
93 | __Poll search order__
94 |
95 | * [`GET /polls/search`](https://pnut.io/docs/resources/polls/search)
96 |
97 | When searching for polls, the API had options for ordering results in descending order by `id` or by `closed_at`, but `closed_at` actually was expecting the query parameter `created_at`.
98 |
--------------------------------------------------------------------------------
/changes/1.1.0.md:
--------------------------------------------------------------------------------
1 | *Released on *
2 |
3 |
4 |
5 |
6 | ### Features
7 |
8 | #### "Welcoming committee" option for email digests
9 |
10 | In your [account notifications](https://pnut.io/account/notifications), you can now enable regular digest E-mails that include "New users and posts from infrequent users". There was already an option to receive similar posts from people you follow, but now you can receive notices for posts from people you don't follow.
11 |
12 | #### User followers and following can be ordered by last_post_id, followed_at, id
13 |
14 | Sorting following lists can help you find more relevant users more easily. Could be interesting to pull up folks you haven't heard from recently, or sort by when they joined the network, for example.
15 |
16 | #### User search can filter by is_following, is_follower
17 |
18 | Limiting searches to `is_following=0` will only show users you aren't already following, while `is_follower=1` would only show users that do follow you.
19 |
20 | #### New "256" post explore stream
21 |
22 | A Post explore stream has been added which only shows posts that are 256 characters long.
23 |
24 |
25 | ### Fixes
26 |
27 | #### Personal Data Request Broken on v1
28 |
29 | Fixed
30 |
31 | #### Not all Chat Room HTML Converted to Entities
32 |
33 | Fixed
34 |
35 | #### Changing account to bot does not properly register it as bot
36 |
37 | A few endpoints still recognized users as "human"-type.
38 |
39 | #### Changing account to feed left some follower data intact
40 |
41 | Now properly handles removing followers.
42 |
43 | #### Developers could not create new clients
44 |
45 | Client creation restored.
46 |
47 | #### V0 Poll raw was showing in new v1 format
48 |
49 | Reworked to show old style when pulling up from V0.
50 |
51 | #### Channel Subscribers sometimes showing duplicates
52 |
53 | Now only one of a subscriber will show.
--------------------------------------------------------------------------------
/changes/1.2.0.md:
--------------------------------------------------------------------------------
1 | *Released on *
2 |
3 |
4 |
5 |
6 | ### Features
7 |
8 | #### Suggested Users
9 |
10 | * `GET /users/suggested`
11 |
12 | This new endpoint provides a simple jumping off point for finding users. It's not complex. Hopefully works for users with no followers and users with some followers.
13 |
14 | #### User Presence in app streams and user streams
15 |
16 | The `presence` scope can be requested by a user or app stream, showing instant updates to users' presences.
17 |
18 | #### Files include lists of objects they are attached to
19 |
20 | Now file objects include a list of the messages, polls, and posts that they have been attached to any, under `attached_to`. This helps determine what would be impacted if you deleted the file, and track down how you've used a file.
21 |
22 | - https://docs.pnut.io/resources/files#file-fields
23 |
24 | #### Exclude users from post search
25 |
26 | When searching posts, you can provide a list of user IDs to the query field `exclude_user_ids` to exclude from the results. This could be useful if a particular user posts a lot about something and you want to see anyone else, or if you want to exclude yourself from a search.
27 |
28 | - https://docs.pnut.io/resources/posts/search#get-posts-search
29 |
30 | #### Chat room names in E-mail digests
31 |
32 | E-mail digest notifications will now include chat room names, if the channel is a chat room-type.
33 |
34 | Manage them from https://pnut.io/account/notifications#digest.
35 |
36 |
37 | ### Changes
38 |
39 | #### Follower data in user export
40 |
41 | Exporting your data now includes your followers and following users.
42 |
43 |
44 | ### Fixes
45 |
46 | #### Stickying message without authentication returned nothing
47 |
48 | Now stickying a message without authentication will return a proper error message.
49 |
50 | #### User clients count missing on App Streams
51 |
52 | When a User object came across an App Stream, it did not include `counts.clients`.
53 |
54 | #### Bitrate field for Audio file raw
55 |
56 | Audio files embedded in another object's `raw` data did not properly reference its bitrate.
57 |
58 | #### Some calls not finding scopes when calling unauthenticated
59 |
60 | Sometimes calling an endpoint that required authentication would fail and not explain itself.
61 |
62 | #### V0 File Delete returns 404
63 |
64 | Now it returns the deleted file info as expected.
65 |
66 | #### V0 User Presence update response not consistent
67 |
68 | It was returning unexpected objects.
69 |
--------------------------------------------------------------------------------
/changes/1.3.0.md:
--------------------------------------------------------------------------------
1 | *Released on *
2 |
3 |
4 |
5 |
6 | ### Features
7 |
8 | #### Per-Channel User Presence
9 |
10 | * `GET /channels/{channel_id}/presence`
11 | * `GET /users/{user_id}/presence/channels/{channel_id}`
12 | * `PUT /users/me/presence/channels/{channel_id}`
13 |
14 | A user's presence can be set for a specific channel, separately from its global User Presence. You can have per-channel statuses, or overload the functionality for an ephemeral chat.
15 |
16 | * https://pnut.io/docs/resources/channels/presence
17 |
18 |
19 | #### User Presence timeout configurable
20 |
21 | * `PUT /users/me/presence`
22 | * `PUT /users/me/presence/channels/{channel_id}`
23 |
24 | You can now set the expiration for a User Presence or Channel User Presence, up to 7 days, by including a timestamp for field `expiration`.
25 |
26 | * https://pnut.io/docs/resources/users/presence#put-users-me-presence
27 |
28 |
29 | #### Delete multiple files at once
30 |
31 | * `DELETE /files?ids=1,2,3`
32 | * `GET /sys/ops/{uuid}`
33 |
34 | The bulk file delete endpoint can delete up to 200 files at once. Because many files may be involved (and derivative files!), the endpoint will just return the File IDs it is deleting, and an endpoint you can poll for status of the job, in `meta.status_url`.
35 |
36 | * https://pnut.io/docs/resources/files/lifecycle#delete-files
37 |
38 |
39 |
40 | ### Fixes
41 |
42 | #### Revising Post not checking entities
43 |
44 | A revised post must retain the same links, mentions, and tags as the original post. Revising a post was not properly guarding against them changing.
45 |
46 | #### Post search by `raw_types` failing
47 |
48 | 500 error.
49 |
50 | #### Data export file name referred to wrong username
51 |
52 | The ZIP file would have a different username on it.
53 |
54 | #### V0 System Stats endpoint failing
55 |
56 | 500 error.
57 |
58 | #### V0 Client link entities wrong
59 |
60 | On v0 API calls, clients would refer to `url` instead of `link` in some cases.
61 |
--------------------------------------------------------------------------------
/how-to/channel-permissions.md:
--------------------------------------------------------------------------------
1 | # How To Manage Channel Permissions
2 |
3 | Channels have three groups that determine who can read, write, and manage the channel: `full`, `write`, `read`.
4 |
5 | ```json
6 | "acl":{
7 | "full":{
8 | "immutable":false,
9 | "you":true,
10 | "user_ids":[]
11 | },
12 | "write":{
13 | "any_user":true,
14 | "immutable":false,
15 | "you":true,
16 | "user_ids":[]
17 | },
18 | "read":{
19 | "any_user":true,
20 | "immutable":false,
21 | "public":false,
22 | "you":true,
23 | "user_ids":[]
24 | }
25 | }
26 | ```
27 |
28 | Users can't be in multiple groups. The higher-access groups inherit the lower functionality as well; someone who can manage a channel can write and read, and someone who can write, can read.
29 |
30 | The user who creates the channel automatically has `full` access, but is the `user` in the channel object, not in the ACL proper. The owner can be changed later.
31 |
32 |
33 | ## Permissions
34 |
35 | ### user
36 |
37 | * Deactivate the channel
38 | * Edit `full` access group
39 | * Change the owner of the channel
40 |
41 |
42 | ### full
43 |
44 | * Edit the channel and the `read` and `write` ACLs
45 | * Delete any messages from the channel
46 |
47 |
48 | ### write
49 |
50 | * Write messages to the channel
51 |
52 |
53 | ### read
54 |
55 | * Read and subscribe to the channel and messages in it
56 |
57 |
58 | ## Immutability
59 |
60 | By default, all ACLs are "mutable". They can change. Once set "*im*mutable", they can no longer be changed.
61 |
62 | The exception to this is `read.any_user`, which will still inherit `write.any_user` changing to `true` even if `read.immutable: true`.
63 |
64 | When you create a channel, be sure not to make an ACL immutable if you think you will want to change it later.
--------------------------------------------------------------------------------
/how-to/channels-acl.md:
--------------------------------------------------------------------------------
1 | # How To: ACL
2 |
3 | Channels have three groups that determine who can read, write, and manage the channel. Users can't be in multiple groups. The higher-access groups inherit the lower functionality as well; someone who can manage a channel can write and read, and someone who can write, can read. The user who creates the channel automatically and irrevocably has `full` access, but is the `owner` user in the channel object, not in the ACL proper.
4 |
5 |
6 | ```json
7 | "acl":{
8 | "full":{
9 | "immutable":false,
10 | "you":true,
11 | "user_ids":[]
12 | },
13 | "write":{
14 | "any_user":true,
15 | "immutable":false,
16 | "you":true,
17 | "user_ids":[]
18 | },
19 | "read":{
20 | "any_user":true,
21 | "immutable":false,
22 | "public":false,
23 | "you":true,
24 | "user_ids":[]
25 | }
26 | }
27 | ```
28 |
29 | ## Permissions
30 |
31 | ### owner
32 |
33 | * Deactivate the channel.
34 | * Edit `full` access group.
35 |
36 |
37 | ### full
38 |
39 | * Edit the channel and the `read` and `write` ACLs
40 | * Delete any messages from the channel.
41 |
42 |
43 | ### write
44 |
45 | * Write messages to the channel.
46 |
47 |
48 | ### read
49 |
50 | * Read and subscribe to the channel and messages in it.
51 |
52 |
53 | ## Immutability
54 |
55 | By default, all ACLs are "mutable". They can change. Once set "*im*mutable", they can no longer be changed. The exception to this is `any_user` on `read`. If `any_user` on `write` changes from false to true, `read`'s `any_user` will still inherit it.
56 |
57 | When you create a channel, be sure not to make an ACL immutable if you think you will want to change it later.
--------------------------------------------------------------------------------
/how-to/channels-pm.md:
--------------------------------------------------------------------------------
1 | # How To: Private Message
2 |
3 | Private messages are special channels with the restricted `io.pnut.core.pm` channel type. They cannot be directly created or deactivated, and they're completely immutable (you cannot change who is included in the channel). This makes the "owner" of the channel irrelevant.
4 |
5 |
6 | ## Creation
7 |
8 | Channel creation is handled by Pnut.
9 |
10 |
11 | ## Sending a Message
12 |
13 | To send a message to other users, you need to know all of the users you will be sending the message to, or the ID of an already-created channel. If you know the channel, you may create a message in it just like you would any other channel. If you do not, or it has not been created yet, you can create an `application/json`-encoded message with the `channel_id` of "pm", and a special list in the JSON of `destinations`, listing all users by "@username" or their user ID.
14 |
15 | ```bash
16 | curl "https://api.pnut.io/v0/channels/pm/messages" \
17 | -H "Authorization: Bearer ${ACCESS_TOKEN}" \
18 | -H "Content-Type: application/json" \
19 | -d "{
20 | \"text\":\"We should make great things.\",
21 | \"destinations\":[
22 | 1,5,\"@ericd\"
23 | ]
24 | }" \
25 | -X POST
26 | ```
27 |
28 | In every other way, they can be treated like other channels and messages. Note that the "owner's" ID will not be in the write-access ACL, but they will not function any differently from anyone else.
29 |
30 |
31 | ## Existing PM Channels
32 |
33 | If you want to see a PM channel between specific users without sending a message, you can use the [Existing PM endpoint](../resources/channels/lookup#get-users-me-channels-existing_pm) to find the channel ID.
34 |
35 |
36 | ## ACL
37 |
38 | ```json
39 | "acl":{
40 | "full":{
41 | "immutable":true,
42 | "you":true,
43 | "user_ids":[]
44 | },
45 | "write":{
46 | "any_user":false,
47 | "immutable":true,
48 | "you":true,
49 | "user_ids":[1,5,20]
50 | },
51 | "read":{
52 | "any_user":false,
53 | "immutable":true,
54 | "public":false,
55 | "you":true,
56 | "user_ids":[]
57 | }
58 | }
59 | ```
--------------------------------------------------------------------------------
/how-to/chat-rooms.md:
--------------------------------------------------------------------------------
1 | # How To Create a Chat Room
2 |
3 | Chat rooms are a special core Pnut channel type, `io.pnut.core.chat`. They can be searched by category in addition to the ways other channels can be searched, and also have first-party E-mail notification support.
4 |
5 | * [Channel type](https://github.com/pnut-api/object-metadata/blob/master/channel-types/io.pnut.core.chat.md)
6 |
7 | The channel will have to be created with the `io.pnut.core.chat-settings` raw item.
8 |
9 | * [Chat Settings type](https://github.com/pnut-api/object-metadata/blob/master/raw/io.pnut.core.chat-settings.md)
10 |
11 | ### JSON Example Channel with Raw Item
12 |
13 | ```json
14 | {
15 | "type": "io.pnut.core.chat",
16 | "acl": {
17 | "write": {
18 | "any_user": true
19 | }
20 | },
21 | "raw": {
22 | "io.pnut.core.chat-settings": [
23 | {
24 | "name": "Frederick's Music Lounge",
25 | "description": {
26 | "text": "A musical interlude for music-lovers"
27 | },
28 | "categories": ["community"]
29 | }
30 | ]
31 | }
32 | }
33 | ```
34 |
35 | Returns a channel object with
36 |
37 | ```json
38 | {
39 | "type": "io.pnut.core.chat",
40 | ...
41 | "raw": {
42 | "io.pnut.core.chat-settings": [
43 | {
44 | "name": "Frederick's Music Lounge",
45 | "description": {
46 | "entities": {
47 | "links": [],
48 | "mentions": [],
49 | "tags": []
50 | },
51 | "html": "A musical interlude for music-lovers",
52 | "text": "A musical interlude for music-lovers"
53 | },
54 | "categories": ["community"]
55 | }
56 | ]
57 | }
58 | }
59 | ```
60 |
61 |
62 | More options for the raw item are found in the community git repository linked above.
63 |
64 | Creating a chat room is executed like any other channel, with [POST /channels](../resources/channels/lifecycle#post-channels).
65 |
66 | ### Optional Improvements to Rooms
67 |
68 | #### Image for the Room
69 |
70 | Images representing the room may be added with the [avatar image](https://github.com/pnut-api/object-metadata/blob/master/raw/io.pnut.core.channel.avatar.md) and [cover image](https://github.com/pnut-api/object-metadata/blob/master/raw/io.pnut.core.channel.cover.md).
71 |
72 | #### Broadcast to Global
73 |
74 | Clients often allow users to "broadcast" a message from a public channel to the Global post stream.
75 |
76 | To do that, create a post with a [channel invite](https://github.com/pnut-api/object-metadata/blob/master/raw/io.pnut.core.channel.invite.md) attached, referencing the channel ID.
77 |
78 | Then create an identical message in the channel, with a [broadcast notice](https://github.com/pnut-api/object-metadata/blob/master/raw/net.patter-app.broadcast.md) on it referencing the ID of the post that was just created.
79 |
80 | ####
--------------------------------------------------------------------------------
/how-to/dynamic-polling.md:
--------------------------------------------------------------------------------
1 | # How To Dynamically Update Polling Streams
2 |
3 | When polling a stream of posts like the global feed, or messages in a channel, there is a way to catch updates on deleted and revised posts.
4 |
5 | When polling using `since_id` pagination, the `meta` object on the stream will include lists `meta.deleted_ids` and `meta.revised_ids` if a post has been deleted or revised after the ID of `since_id` was created.
6 |
7 | For example: my client is making the request `curl "https://api.pnut.io/v1/posts/streams/global?since_id=500"`, when `500` is the latest post in the stream. Someone deletes their post `244`. The next time my client requests global with `since_id=500`, this is what I get back:
8 |
9 | ```json
10 | {
11 | "meta": {
12 | "more": false,
13 | "code": 200,
14 | "deleted_ids": [
15 | "244"
16 | ]
17 | },
18 | "data": []
19 | }
20 | ```
21 |
22 | Knowing this, my client can determine if post `244` is being displayed, and update its view to show that the post is now deleted.
23 |
24 | The same is true for revised posts, and deleted messages. The client, knowing that a post is revised, could automatically make a call to `GET /posts?ids=244`, for whatever posts were revised that were also being displayed.
25 |
26 | This is most useful when a client is polling forward, though; note that the sample of deleted and revised posts is not capped going forward. If you made a call with `since_id=200` and 40 posts had been deleted since post `200` was created, you would get all of those IDs. So it is not very useful when a client is pulling up old, cached posts (a fresh request of old posts would include the deleted or revised posts' most recent state, rendering "updates" like these irrelevant).
--------------------------------------------------------------------------------
/how-to/overview.md:
--------------------------------------------------------------------------------
1 | # How To
2 |
3 | Here be explanations of dragons.
4 |
5 | If there is an area of the API that usually has an expected or common pattern, or a place that is particularly tricky to get right, we will write an explanation as a How To.
6 |
7 | These are what we have so far:
8 |
9 | | Code | 64 |Description | 65 |
|---|---|
200 OK |
70 | The request was successful. | 71 |
204 No Content |
74 | Returned when retrieving an incomplete file or when uploading file content to an incomplete file. | 75 |
302 Found |
78 | Redirection to the final destination of a resource. Returned when retrieving user avatar, or a cover image. | 79 |
400 Bad Request |
82 | The API request was malformed in some way. A message should be returned that indicates how this request can be fixed. | 83 |
401 Unauthorized |
86 | A token is required. If you passed a token, a message should indicate why this token is not authorized. | 87 |
403 Forbidden |
90 | The token you are providing doesn't have the right to perform the request. Please check that your token is of the correct type and has the required scope. | 91 |
404 Not Found |
94 | The requested resource was not found. | 95 |
429 Too Many Requests |
98 | The request could not be completed due to a rate limit. Please wait at the number of seconds specified in the Retry-After header before you retry this request. |
99 |
500 Internal Server Error |
102 | An unexpected server error has occurred. Talk to pnut.io support to solve the issue. | 103 |
507 Insufficient Storage |
106 | The request couldn't be completed because the authorized user has hit a quota limit. This could be returned when trying to upload a file. The current token information's data.storage.available key can help an app avoid this error. |
107 |
| Field | 95 |Type | 96 |Description | 97 |
|---|---|---|
created_at |
100 | string | 101 |Time at which the operation was created, in ISO 8601 format; YYYY-MM-DDTHH:MM:SSZ. | 102 |
ended_at |
105 | string | 106 |Optional time at which the operation was completed, in ISO 8601 format; YYYY-MM-DDTHH:MM:SSZ. | 107 |
id |
110 | string | 111 |UUID that identifies the operation. | 112 |
type |
115 | string | 116 |Currently only file_delete |
117 |
status |
120 | string | 121 |One of running, dead, completed. |
122 |
| Field | 25 |Type | 26 |Description | 27 |
|---|---|---|
avatar_image |
30 | string | 31 |URL linking to the current avatar image. | 32 |
id |
35 | string | 36 |Primary identifier for the user that made the update. | 37 |
last_seen_at |
40 | string | 41 |Optional time at which the presence was updated, in ISO 8601 format; YYYY-MM-DDTHH:MM:SSZ. | 42 |
name |
45 | string | 46 |Optional user-supplied name. All Unicode characters allowed. Maximum length 50 characters. Be sure to escape if necessary. | 47 |
presence |
50 | string | 51 |Updated user presence, up to 100 characters. | 52 |
username |
55 | string | 56 |Username of the user that made the update. Case sensitive. 20 characters, may only contain a-z, 0-9 and underscore. | 57 |