Do I need to use the admin bearer token for normal user actions via API? (e.g. login, post, upvote)
-
Hi,
I'm working on an Android app that uses NodeBB as the backend. I'm trying to interact with everything through the NodeBB API — like registering a normal user, logging them in, creating topics, replying, upvoting, etc.
My main question is:
Do I need to use the admin bearer token for all these actions, or should each normal user get their own token after login and use that?
Also, I'm a bit confused about the login endpoint. I've seen both:
/api/login
/utilities/login
Which one is the correct endpoint to log in a normal user using the API?
Apologies if this is a basic question — I checked the docs but couldn't find a clear answer or a complete example for handling the full user flow via API. Any help or guidance would be much appreciated!
Thanks in advance!
-
Hi,
I'm working on an Android app that uses NodeBB as the backend. I'm trying to interact with everything through the NodeBB API — like registering a normal user, logging them in, creating topics, replying, upvoting, etc.
My main question is:
Do I need to use the admin bearer token for all these actions, or should each normal user get their own token after login and use that?
Also, I'm a bit confused about the login endpoint. I've seen both:
/api/login
/utilities/login
Which one is the correct endpoint to log in a normal user using the API?
Apologies if this is a basic question — I checked the docs but couldn't find a clear answer or a complete example for handling the full user flow via API. Any help or guidance would be much appreciated!
Thanks in advance!
ajay_89 the admin bearer simply allows you to call the NodeBB API as any uid. A user token is keyed to a specific ID.
In the Android app you would probably want to use a user token based on the logged in user. That is because it is likely unsafe to store the admin token in the APK. It can be decompiled and leaked.
