Installation, Docker networking, tokens and guides in a cleaner single interface.
API for mobile clients, desktop apps and automation around a Militant instance.
Installer · Docker · Quick start · Wiki · Security
The easiest way is to use the dedicated installer:
mkdir -p militant-api-install
cd militant-api-install
curl -fsSLO https://gitlab.com/militant1/api-installer/-/raw/main/militant-api
chmod +x militant-api
./militant-api
The script:
uploads sharing.env.apidocker-compose.api.ymlUseful commands:
./militant-api update./militant-api uninstallDedicated guide: https://gitlab.com/militant1/api-installer
uploadsThe API now exposes a complete mobile Fediverse surface through v1/fediverse.php: local profile, remote followers, remote following, @user@instance lookup, remote profile resolution, follow/unfollow actions, and a synchronized remote post feed. It also automatically triggers ActivityPub broadcasting when creating new posts using RSA HTTP Signatures.
If you prefer to manage Compose yourself:
cp docker-compose.casaos.yml docker-compose.api.yml
docker compose -f docker-compose.api.yml up -d
Main variables:
DB_HOST or API_DB_HOST: MySQL host of the Militant instanceDB_NAME or API_DB_NAME: main database nameDB_USER / DB_PASSWORD: SQL credentialsMAIN_APP_HOST: internal web app URL on the Docker network, for example http://militant-web:80API_UPLOADS_PATH: internal media path, usually /var/www/uploadsAPI_CORS_ORIGINS: * or allowed domain(s)API_REQUIRE_HTTPS: true for public HTTPS productionTo issue LiveKit tokens server-side (POST /v1/lives.php?path=token), configure secrets:
LIVEKIT_URL (wss://...), LIVEKIT_API_KEY, LIVEKIT_API_SECRETconfig/livekit.local.php (generated from the web panel)GET /v1/lives.php?path={id}) may include background_image, which the owner can update through PUT /v1/lives.php?path={id}/background.For reliable mobile calling, especially on 4G/5G, configure a TURN server:
WEBRTC_TURN_URLS, WEBRTC_TURN_AUTH_SECRET, WEBRTC_TURN_TTL, WEBRTC_TURN_REALMconfig/turn.local.php (generated from the web panel)GET /v1/settings.php returns stun_servers, turn_servers, and webrtc_ice_serversWEBRTC_TURN_AUTH_SECRET is set, the API generates temporary HMAC TURN credentials (recommended mode, compatible with coturn use-auth-secret)Web panel (after signing in with a Militant user account):
.../admin/login.php then .../admin/tokens.php.../admin/livekit.php: enter LiveKit credentials (account password required to save) — Militant technicians only (same as web app: users.is_admin = 1; fallback: is_technician or LIVEKIT_TECHNICIAN_USER_IDS).../admin/turn.php: enter TURN / Coturn settings for the API and display the coturn snippet to copyadmin.php?tab=technicians (is_admin promotion / removal).See also .env.example on GitLab for variable names.
Once the API is running:
http://localhost:9082/v1/index.phphttp://localhost:9082/admin/login.phphttp://localhost:9082/admin/livekit.phphttp://localhost:9082/admin/turn.phphttp://localhost:9082/health-public.phpExample:
curl http://localhost:9082/v1/index.phpcurl -X POST http://localhost:9082/v1/auth.php \
-H "Content-Type: application/json" \
-d '{"username":"your_username","password":"your_password"}'
Use the token:
curl http://localhost:9082/v1/posts.php \
-H "Authorization: Bearer YOUR_TOKEN"
Available endpoints:
GET /v1/feature_suggestions.php
GET /v1/feature_suggestions.php?filter=popular
GET /v1/feature_suggestions.php?id=12
GET /v1/feature_suggestions.php?action=stats
POST /v1/feature_suggestions.php
POST /v1/feature_suggestions.php?action=vote
POST /v1/feature_suggestions.php?action=comment
POST /v1/feature_suggestions.php?action=update_status
DELETE /v1/feature_suggestions.php?id=12
Example creation:
curl -X POST http://localhost:9082/v1/feature_suggestions.php \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"title": "Offline mode",
"description": "Allow local consultation of suggestions and status when the network is unavailable."
}'
Private messaging and message groups now support:
parent_idAvailable endpoints:
GET /v1/messages.php?user_id=34
POST /v1/messages.php
POST /v1/messages.php?action=react
DELETE /v1/messages.php?action=react&message_id=56
GET /v1/message_groups.php?path=12/messages
POST /v1/message_groups.php?path=12/messages
POST /v1/message_groups.php?path=messages/78/reactions
DELETE /v1/message_groups.php?path=messages/78/reactions
Additional fields returned for private messages:
parent_idparent_contentparent_sender_usernamereactions_summaryuser_reactionAdditional fields returned for group messages:
parent_idparent_contentparent_usernamereactions_summaryuser_reactionExample reply to a private message:
curl -X POST http://localhost:9082/v1/messages.php \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"user_id": 34,
"content": "Replying to your message",
"parent_id": 56
}'
Example reaction on a private message:
curl -X POST http://localhost:9082/v1/messages.php?action=react \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"message_id": 56,
"reaction": "heart"
}'
Example reply in a group:
curl -X POST http://localhost:9082/v1/message_groups.php?path=12/messages \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"content": "I will take this one",
"parent_id": 78
}'
If you use the dedicated installer:
./militant-api updateOtherwise with manual Docker Compose:
docker compose -f docker-compose.api.yml pull
docker compose -f docker-compose.api.yml up -d
Uninstall:
./militant-api uninstallFor bot and automation integrations, start with the included example: