about summary refs log tree commit diff
path: root/docs/Using-the-API/Testing-with-cURL.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/Using-the-API/Testing-with-cURL.md')
-rw-r--r--docs/Using-the-API/Testing-with-cURL.md16
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/Using-the-API/Testing-with-cURL.md b/docs/Using-the-API/Testing-with-cURL.md
new file mode 100644
index 000000000..977773a08
--- /dev/null
+++ b/docs/Using-the-API/Testing-with-cURL.md
@@ -0,0 +1,16 @@
+Testing the API with cURL
+=========================
+
+Mastodon builds around the idea of being a server first, rather than a client itself. Similarly to how a XMPP chat server communicates with others and with its own clients, Mastodon takes care of federation to other networks, like other Mastodon or GNU Social instances. So Mastodon provides a REST API, and a 3rd-party app system for using it via OAuth2.
+
+You can get a client ID and client secret required for OAuth [via an API end-point](API.md#oauth-apps).
+
+From these two, you will need to acquire an access token. It is possible to do using your account's e-mail and password like this:
+
+    curl -X POST -d "client_id=CLIENT_ID_HERE&client_secret=CLIENT_SECRET_HERE&grant_type=password&username=YOUR_EMAIL&password=YOUR_PASSWORD" -Ss https://mastodon.social/oauth/token
+
+The response will be a JSON object containing the key `access_token`. Use that token in any API requests by setting a header like this:
+
+    curl --header "Authorization: Bearer ACCESS_TOKEN_HERE" -sS https://mastodon.social/api/statuses/home
+
+Please note that the password-based approach is not recommended especially if you're dealing with other user's accounts and not just your own. Usually you would use the authorization grant approach where you redirect the user to a web page on the original site where they can login and authorize the application and are then redirected back to your application with an access code.