REST API - Friends Endpoint

I’ve hit my first snag this week using the OGS REST API, which I’m not sure how to resolve. I’m trying to use the endpoint which returns an object with the corresponding friends, friend requests, and friend requests sent for the authorized user. What I’m finding is that this endpoint returns an empty set unless the api/v0/login endpoint was successfully executed before it. Thus far, this is the first end point I’ve encountered that requires the use of the login endpoint. The rest work with the oauth2/token endpoint for authorization. Calling the login endpoint beforehand seems to work for a while, but after sometime, the friends endpoint will return an empty set again. All other end points I’m using still work fine in this instance, even the ones requiring authorization, so it seems that there is something special about the friends endpoint.

My application uses the oauth2/token/ endpoint for authorization when the user first logs in, and then uses the token, or refresh token if the main token has expired. This works for all of the API methods thus far, with some requiring the Authorization header with the Bearer Access Token, which also work fine. What I find interesting about this is that in the above circumstance the user is unable to retrieve a list of their friends, however the POST request to add and remove friends still works.

What’s nice about the oauth setup is that I can keep the user authorized behind the scenes refreshing the token when needed. The api/v0/login endpoint requires a username and password, which I can execute when the user first logs in, along with the oauth2 token. Is there a refresh method for the login endpoint as well? I couldn’t find the website executing anything like this. The only other thing I’ve found is that the login endpoint uses a field called ebi whose string value is especially cryptic. Perhaps misuse of that field can cause the effects I’m receiving.

Does anyone have experience with the friends endpoint or login endpoint that could provide guidance?


I haven’t solved it, but I’ve found a workaround that fits my needs. Instead of using the endpoint, I’ve found the (notice the change of “ui” to “me”) endpoint will return the authorized user’s friends. The object returned from the API is formatted a bit differently, but that is no problem. The end point will require you to pass in the Authorization Bearer Token to work properly, but that’s expected. The only downside to this workaround is that the UI endpoint also includes the friend_requests and friend_requests_sent arrays, which the ME endpoint does not, so if you need those as well, this will only partially work for you. I hope that helps anyone who runs into a similar problem.