Status of Authentication for Ghost API

Greetings. I was wondering if I could get an update on the status of the Ghost API, or at least a synopsis of it’s current roadmap. I’m working on creating an iOS app for Ghost in Swift, and I’m happy to do this but I want to have something a little less “hack-y” in place before I put in a lot of work on the providers and models. Specifically I’m asking about the authentication mechanism, as the parts where data is actually retrieved with an authentication key appears to be close-enough to done for my purposes. Perhaps this is more done than the documentation lets on? Ghost has proven to be a great platform, and I hope to contribute to a bright future for the platform on the Apple ecosystem.

@kyuknis it depends if you are trying to write to the API or just read public content. If you are only trying to read public content then you can follow the guide here https://api.ghost.org/docs/ajax-calls-from-an-external-website (although as you’re connecting from an iOS app you don’t need to worry about the trusted domains part).

If you are trying to write by using the private API then the only method is to go through user authentication to get an access/refresh token. The private API is not documented, the best way to examine how it works is to inspect the network requests that the admin area makes (it’s an SPA that uses the private API so you can use web inspector for this).

We are currently in the middle of re-working the API and splitting it into two separate APIs - content and admin - along with new authentication mechanisms. You can follow along on these issues:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.