Militant

FAQ - Frequently Asked Questions

FAQ - Frequently Asked Questions

Installation

Is the API already installed?

No, the API must be deployed separately. It's not included in the default Militant installation.

Do I need to configure anything?

Yes, create an /api/.env file with your Militant instance credentials:

API_DB_HOST=your-militant-db
API_DB_NAME=militant
API_DB_USER=militant
API_DB_PASS=your_password

How do I install the API?

See Installation for Docker or CasaOS guides.

Authentication

How do I get a token?

curl -X POST https://your-instance.com/api/v1/auth.php \
  -H "Content-Type: application/json" \
  -d '{"username": "user", "password": "pass"}'

How long does a token last?

30 days. After expiration, login again to get a new one.

Can I have multiple tokens?

Yes, each login creates a new token. All remain valid until expiration.

How do I revoke a token?

curl -X POST https://your-instance.com/api/v1/auth.php?action=revoke \
  -H "Content-Type: application/json" \
  -d '{"token": "your_token"}'

Usage

What's the request limit?

100-200 requests per hour depending on the endpoint.

How do I upload an image?

curl -X POST https://your-instance.com/api/v1/upload.php \
  -H "Authorization: Bearer TOKEN" \
  -F "media=@photo.jpg" \
  -F "type=posts"

How do I paginate results?

Add ?page=2&limit=20 to your GET requests.

Does the API support CORS?

Yes, CORS is enabled by default for all domains.

Errors

"Invalid or expired token"

Your token has expired. Login again to get a new one.

"Rate limit exceeded"

You've exceeded the request limit. Wait 1 hour.

"Database connection failed"

Check the configuration in /api/.env or MySQL credentials.

"Method not allowed"

You're using the wrong HTTP method (GET instead of POST, etc.)

Configuration

Where are tokens stored?

In the api_tokens table of the Militant database.

Can I change token duration?

Yes, in api/config.php: 'token_lifetime' => 2592000 (in seconds)

Can I disable rate limiting?

Yes, in api/config.php: 'rate_limit_enabled' => false

Security

Is the API secure?

Yes: SHA-256 tokens, rate limiting, data validation, CSRF protection.

Should I use HTTPS?

Yes, strongly recommended to protect tokens in transit.

How do I create a dedicated API user?

CREATE USER 'api_user'@'%' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE ON militant.* TO 'api_user'@'%';

Development

Are there SDKs available?

Yes: Python and JavaScript SDKs are available.

Can I test the API locally?

Yes, use docker-compose.yml in the /api/ folder.

How do I enable debug mode?

In /api/.env: API_DEBUG=true

Where can I see logs?

docker logs militant-api -f

Other

Is the API OAuth2 compatible?

Not yet, but it's planned. Currently: simple Bearer tokens.

Can I use the API commercially?

Yes, under AGPL-3.0 license.

How do I contribute?

See the GitLab repository: https://gitlab.com/militant1/millitant

Where do I report a bug?

On GitLab: https://gitlab.com/militant1/millitant/issues

Retour au Wiki