Rest API with NGINX?

I’m trying to figure out how to make the Rest API work within an NGINX system (which obviously doesn’t use .htaccess files). The question becomes, what is the rewrite code for NGINX to allow for the Rest API to work in PHPList 3.4.1? I couldn’t find it in any of the .htaccess files that PHPList installs. Or maybe I missed it.

The redirect rules for Apache are in https://github.com/phpList/phplist3/blob/master/public_html/lists/.htaccess#L15

That directs API calls to api.php, which loads all the necessary classes and bootstraps the application.

All the rewrite rule does is redirect calls to /api to api.php.

Thank you Sam.

Now that I’ve set the rewrite rule in NGINX, the output I get from making a call to https://jodywhitesides.com/base/public/api/v2/ or https://jodywhitesides.com/base/public/api/v2/sessions is the following output: This page has been intentionally left empty.

I’m not getting something similar to what the manual says I should get: {"expiry":"2019-03-31T18:16:42+00:00","key":"24244871cf45aa2f1c0dbddf82b9912b","id":6}

The api cannot be accessed using a Web browser. You should make requests via another application or command line tool like curl. An example PHP implementation is available here.

Looks like the API page in the manual needs updating since 3.4.1, as the access url was updated: https://www.phplist.org/newslist/phplist-3-4-1-release-notes/. The manual should be updated today. You should use http://jodywhitesides.com/lists/api/v2/sessions (or https).

For example, using cURL on a command line:

curl --request POST --url http://jodywhitesides.com/api/v2/sessions --header 'Content-Type: application/json' --data '{"login_name": "admin","password": "phplist"}'

Thank you Sam, after changing the rewrite rule for the url, the curl output I get now is this:

<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

The reason I gave the web output is because I was getting a 404 page not found via my Wordpress install from my curl output. But it’s still not getting the proper output. I’m guessing there is more to the htaccess file than the url to access the API.

I’m not sure about the NGINX system, but for Apache you must have mod_rewrite enabled.

You mentioned WordPress - FYI the v2 API is not yet supported by a WordPress plugin.

I’m not familiar enough with nginx to know what 302 may indicate in this case. @duncanc, and @danwaterloo, or @lwc may be available to help.

I’m not attempting to connect via a Wordpress plugin. That being said, if a URL is not getting somewhere - Wordpress will step in and deliver a 404 message that the page wasn’t found.

Thus, I’m pretty darn sure that part of the issue lies in translating this bit from the htaccess file:

<FilesMatch "(index.php|dl.php|ut.php|lt.php|download.php|connector.php|api.php)$">
    # Apache < 2.3
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
        Satisfy All
    </IfModule>
    # Apache ≥ 2.3
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
</FilesMatch>

And making that work in an NGINX format - unfortunately I don’t know enough about NGINX to know how to make that happen yet. Hopefully someone here does. Once I understand it, I can create a “location” check that will make that code work and that should lead to a working version of the Rest API for PHPList.

Really hoping someone here knows how to translate that.

p.s. please excuse that I don’t know how to paste code into the reply.

Hi, it seems to me if phpList is shipped with .htaccess then it wasn’t designed with NGINX in mind.
However, the code you quoted, jodywhitesides, doesn’t seem to involve any sort of rewrite. It’s just protection against running third party files.
So even if your NGINX ignores it, all it means is that you’re not protected, not that you can’t run API.

I therefore think the problem is not about .htaccess. How exactly do you run the API?

I don’t know how to get the API to run. I’m guessing that is what the code for the IF Module thing is doing. Something about authorizing and telling it to allow something. Maybe I’m wrong.

Maybe if I could translate this line: <FilesMatch "(index.php|dl.php|ut.php|lt.php|download.php|connector.php|api.php)$">

Into NGINX format, it might solve the issue as well. Hoping that could be the case. But I do think something is going on with the mod_authz thing.

The rest of PHPList is running just fine in NGINX. I’m just wanting to add the Rest API for another thing I’ve got going on with some upcoming ads that I’m running. It would be nice to automate putting emails into the database when people have given permission for me to have it for my email list, without having them needing to confirm a 3rd time. As these emails will be coming from a different source other than a sign up box.

Upon further testing… I’ve found that if I directly curl to the api.php file with the curl command from the manual (via shell), I get different output, which is this: {"code":405,"message":"Method Not Allowed"}

That looks closer to what I should be getting, but is obviously not the right response that I’m looking for.


Well, in testing again…

This time I got the correct response. I’m confused. Now the redirect is working and it’s getting the following output:

{"expiry":"2019-05-13T17:28:42-06:00","key":"1f1bccfa51c05f791e84e7cbb1357276","id":1538}

Can I now assume that the Rest API is considered to be working?

There were two things I had to do with the NGINX config file to make it work, but now it appears to be working. I’ll let you know if I need more help. Seems that I cannot directly reference the api.php with a call - it still tells me the method is wrong. But using the redirect now works. Weird.

This is correct. It’s JSON stating your new API key. What did you do to the nginx config to make the redirect work?

It was literally 1 line. I had it wrong the first time which is why I was getting the 302 error.

The one line I needed was:

rewrite ^(/lists/api/v2/.*) /lists/api.php;

And then it worked. As you’ll see, I did start another thread asking about calling the API.


Seems like you quoted the wrong part from .htaccess so I stand by my previous comment.
The relevant part is:

<IfModule mod_rewrite.c>
    Options -MultiViews
    RewriteEngine On
    RewriteRule api/v2/ api.php [L]
</IfModule>

This is indeed the only part in .htaccess that is about mandatory redirection and not optional protection.

Where did you put your special NGINX rewrite ?

I didn’t quote the wrong part, I was attempting to figure out where I was missing information.

To answer your question, I put it above my location blocks.

I meant, if .htaccess is located in the PhpList’s folder, where exactly did you put the NGINX equivalent? In which file/folder and how?

Where NGINX redirects are supposed to go, in the NGINX conf file for a domain. It reduced that whole htaccess file to a single line of code in the NGINX conf file - a simple rewrite line for the API location. That was all that was needed.

I’m not sure where else you can put redirects for NGINX. To my knowledge they have to be in the conf file for the domain in question. If you do not have access to that file, I’m guessing you would have to ask your server admin to put it in for you.
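
One way to carry both quoted .htaccess pieces over to NGINX, as an added example that is not from the thread or from phpList. The host name, document root and PHP-FPM socket are placeholders, and the final deny block is an assumption, since the thread quotes only the allow half of the protection.

```nginx
# Added example (constructed), fragment of a server block for one domain.
server {
    listen 80;
    server_name lists.example.test;            # assumption: placeholder host
    root /var/www/example/public_html;         # assumption: placeholder docroot

    # The rule from the thread, in server context above the location blocks.
    # NGINX tests it against the whole URI, so the /lists/ prefix is spelled
    # out; the Apache rule lives in lists/.htaccess and sees the relative path.
    rewrite ^(/lists/api/v2/.*) /lists/api.php;

    # Counterpart of the quoted <FilesMatch> "Require all granted" block:
    # only the named entry points are passed to PHP. <FilesMatch> tests the
    # file name alone, so sub-directories are allowed for here as well. This
    # pattern is stricter than the quoted one: dots escaped, name anchored.
    location ~ ^/lists/(.*/)?(index|dl|ut|lt|download|connector|api)\.php$ {
        include fastcgi_params;   # stock file sets REQUEST_URI to $request_uri (the original URI)
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumption: socket path
    }

    # Assumption: any other .php under /lists/ is refused. The thread quotes
    # only the allow half of the protection, so this deny half is a guess at
    # its counterpart. Regex locations are tried in file order, so this must
    # come after the allow-list above.
    location ~ ^/lists/.*\.php$ {
        return 403;
    }
}
```

Running `nginx -t` checks the syntax before the configuration is reloaded.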
