I was so excited when I finally got a real pod interacting with the API that I knew I’d have to get it written down before I could get to sleep. However before dropping right to the interactions itself I decided to take some time describing how a piece of software would be allowed to do anything with a server. In Part1 I laid all of those details out to get across some very important points:

• We are using a standard (OpenID/OAuth2) protocol for doing this
• Users have to give explicit permissions to an application, including being told what it is and is not asking to do
• There are security measures once an application is granted permissions as well.

This article essentially details the very first communications and gives people a feel for what the Diaspora API specification looks like in practice not just in theory.

Okay I’m obviously over excited about the fact that something which I knew should work actually did work. However all the previous API usages were on servers on the local machine, not behind an HTTPS link, and not being shared with the rest of the fediverse. This one breaks through that barrier. I have therefore decided to document it in excruciating detail. For the first pass all of these interactions were manual using cURL and FireFox RESTClient plugin . The next step, which will be coming up very shortly, will be creating the very first server to use this for a real purpose (I’ll document that as that happens). This document goes over the nitty gritty details of the whole authentication piece. The next article will go into the calls themselves. If you don’t care about the nuances of the authentication steps then just skim or skip this and go to the Part 2 . So without further ado, here we go…

As we begin to wrap up the year we also are beginning to wrap up the API getting ready for the “real” pull request for the API code. We are down to one last code review of the final clean up pass before we have it looked at by the core team. I think the code is pretty solid but it will of course have problems that are discovered during the review and the testing. Ah the testing, real world testing that we really need to do. To get there we need to have a test server. Thankfully that’s all taken care of now and we’ve had the first data interactions with a pod.

As I get more and more fed up with Facebook while also getting more and more embedded into the Fediverse I’ve been considering the whole #deletefacebook campaign again. I turned off Facebook earlier but never deleted it. As the new year approaches the thought of shutting it down appealed to me but then I went a step further thinking I should just blow away all of my data as well. There are lots of posts with lots of data and lots of associations that I want to keep though. Thankfully Facebook provides a mechanism for extracting your data. Unfortunately if you assume all of your data is there you’ll probably be wrong.

I’ve been blogging on Wordpress since 2013. For a long time I had wanted to blog and tried LiveJournal and sites like that. It wasn’t until 2013 when I was deciding to embark on a personal fitness experiment that I finally bit the bullet and created the N=1 blog. The original premise was exploring the whole area of Quantified Self and longevity for my own purposes. It was going to kicked off by a grand experiment of living various different fitness lifestyles for periods of time to see if any made a dramatic difference, positive or negative. I never really got too far into that experiment. Then the blog became my ramblings on the topic. Over time I had less interest in that and more in software engineering. Rather than create a whole new blog I decided to just add new categories. As the boundaries of what I wanted to post became less clear it really just became my public journal on all topics interesting to me.

Today is a momentous day in the Diaspora API development saga.  Today we have completed primary development of the API, the unit tests, and the external test harness.  There are still two code reviews between that and the real code review for integration into the main development branch, but all of the major work is complete.  What does that mean exactly?

Boy are we really coming down the home stretch now!  All of the scopes are implemented in every API endpoint now with their corresponding tests to confirm that the permissions are working correctly.  The most difficult of those, I thought, was the Streams, again.  After beating my head against a rock a lot yesterday I put the whole project down for the day and then picked it up today.  After warming up on the other endpoints I started working my way through getting Streams working such that it could filter private data.  After a bit of fumbling I finally got a relatively simple solution to the problem and got all the tests passing correctly.

It’s been almost a week since there’s been an update on the API.  I’ve been busy with other things and travel so it didn’t get as much focus as I would have liked to have given it.  However there has been some progress.  Thanks to Frank ’s help we’ve been able to get all of the side branches merged into the core API branch so that we are now coming down the home stretch on getting it ready for integration.  The first order of business for that is getting the OpenID security stuff squared away.  I’m still working on understanding that better and the more I go back to it and work with it here the better that looks.  There is still the question of the "refresh token" workflow but work has been done on it so if anything it’s a small tweak thing or a documentation thing versus a from scratch development thing.  Even in the event that it was a from scratch thing with the code base I have and the examples I mentioned before it shouldn’t be a huge effort to get that working.  Most of the security work is therefore integrating in the much more fine grained security scopes which Senya has been working to hone.

While I post mostly on Fediverse platforms like Diaspora and Mastodon , and am focusing my development efforts there, the instant messaging accessibility of Facebook Messenger has been illusive. I tried Wickr and it’s okay but not the most user friendly. It’s claim to fame is the messages only go from the participant to the receiver without a server between except for authentication. That makes the flow clunky, to say the least.  Which is why leaving Facebook has been one of my least successful aspects.    I wanted to explore other options and in the last week I pulled the trigger and actually did it.