Arran's Blog

Trusted Client Domains with Ghost's Bleeding Edge Public API

My first term at university has come to an end and to kill a Saturday on the barely qualifying fringes of Greater London I’ve set myself the challenge of revamping my landing page in 24 hours. I’m about half way through that time period and I’ve got a fairly bare bones template that I’m trying to make more interesting by accessing information from the various places I inhabit on the web.

One of the places I’d like to pull content down from is this blog which is running on the lightweight Ghost platform. Ghost is a relatively new kid on the block and their API has only just really come out and has to be enabled via an obscure tick box in the ‘Labs’ settings page. In addition if you want to query the API from a different domain to the one your blog is hosted on, like I do you’ll need to add a new trusted domain to the client_trusted_domains table in the SQLite3 database.

I haven’t toyed with SQLite before and doing so via command line isn’t the easiest thing so I decided to jot down how I did this in case it helps anyone else.

The first tip is that Ghost doesn’t check your port or protocol when checking a trusted domain so you only need to include your host name. Every trusted domain needs to have a trusted client, which you include when you query so if you’re accessing from a different location than where your blog is hosted you’ll probably want to create a new client as well.

Here are the commands I ran to add a new client and an associated trusted domain.

I’m sure there is some SQLite magic to generate UUIDs and to grab the last inserted ID from the previous table I generated my UUID here and my client secret using random.org’s string generator.

This first block of SQL creates a new client, change your UUID, secret key, name, and slug.

INSERT INTO `clients`(`uuid`,`name`,`slug`,`secret`, `status`, `redirection_uri`,`logo`,`description`,`created_at`,`created_by`,`updated_at`,`updated_by`) 
VALUES ('7a1a67f1-93de-4566-876b-97d06d4a2ac3','My App','my-app','XWfmJKYYh9', 'enabled', NULL,NULL,NULL,'',0,NULL,NULL);

This grabs the ID for your client

SELECT id 
FROM clients
ORDER BY id DESC
LIMIT 1

Use the ID you just got, a new UUID, and your hostname to create a new trusted domain.

INSERT INTO `client_trusted_domains` (`uuid`, `client_id`, `trusted_domain`)
VALUES ('7a1a67f1-93de-4566-876b-97d06d4a2ac3', 99, 'localhost')

Those three commands should be enough to give you access to your blog’s API from a different origin address. Bear in mind you’ll need to pass your client slug and secret as a URL parameter in order to access it.

Related Posts

  1. Ngrok <3
  2. Keeping the Secret Safe
  3. Arran's Guide to Fixing a Pull Request
  4. Websites Should Handle Accounts Better
  5. Blog Quandaries | Scriptogram, Postach.io, Ghost, and Github Pages