API Noob Here: Getting public info via API v2

Hey all,

I’m developing a static site and I want to pull in some extremely basic data. This is my first rodeo with API, aside from figuring out how to pull in Twitch API. I have been wrestling with the Patreon API for two months now, and I must be missing something critical that I can’t glean from the docs.

What I’m trying to do first before I do anything else is just figure out the URL I’m supposed to be calling. I want to get number of patrons and total amount pledged to start with, so I can display it on my website. Once I can do that, I’ll expand to something more complex.

1. I am, at the moment, using straight javascript on localhost while I develop. So no libraries, PHP, etc.
2. I will work on environment variables/security measures/etc etc after I get the basic stuff working and I know that I’m on the right track.

Since there will be no sign in on the website, unless I’m mistaken, there’s no reason to go through the OAuth process. I just use my access token from the client I received. I just want to pull in variables that have nothing to do with who is signed in.

As of right now, I’m just trying to put the URL into the browser to see if I can get an authorized JSON response. I have also tried doing this through XMLHttpRequest in Javascript, and I’ve also tried using Postman. Note: I’m also a javascript noob and I’m learning as I go, but I’ve got a decent handle on it. (This is all kind of my learning project!)

From what I understand, I’d be calling…

https://www.patreon.com/api/oauth2/v2/campaigns/#####?fields[campaign]=pledge_sum,patron_count
(where ##### = campaign_id)

…but of course that’s unauthorized, because there’s no access token.

So, I suppose my questions are:

1. Do I have to go through the OAuth process every time, even though no one is logging in? The API docs say you can use your access_token in place of OAuth when making API calls, but does not make it clear how to do so.
2. Is there really no way to limit the scope of the client when you make it? If someone got a hold of my client ID & secret or access token, they could just pull any information whatsoever and there’s seriously no way to say “just look at the public stuff please”?
3. Is it impossible to call the URL on a browser without going through the OAuth first, and therefore I have to do it in subsequent XMLHttpRequests?
4. Is my problem maybe that my client, including the redirect URI, is currently using localhost? Will the redirect URI break things if I’m never using it, since no one is being redirected anywhere?

Let me know what I’m missing. I know I’m new to this, but I’m fairly competent as a coder and a learner, and my husband is more capable still, and we’re both stumped right now.

Thanks in advance!

1 - You dont need to go through oauth every time. Using a valid access token will allow you to make any call to the api on behalf of the patron. As long as you have requested the token for that scope.

You can just check the PHP lib for simple examples. WP plugin also has a working integration for doing oauth and gating functions.

2 - As far as i know creator token comes with all relevant scopes assigned. Your app client should only work with the scopes which were requested with a patron’s token so its limited to what scopes you request.

3 - If you use the patron’s access token you can make calls to api without oauthing.

4 - All urls need to be properly formed for login to work.When an access token expires it will need to be renewed by going through oauth. Something like a month duration.

If you’re not making an api call on behalf of any patron, but just for the public to see your information mirrored on your page, when do you request the token? If it’s, apparently, not from using the client I created from Patreon and its attendant access_token? I have already pored through the PHP lib, and the Javascript lib, for examples and nothing seems to fit the question I am asking. It all assumes that I’m having someone log in, or connect their account, or making an OAuth call at all.

At this point maybe it’s better if I don’t use the API at all, and just make a separate script to run and pull the information off my page. There is no gating. There is no integration. I literally just want to get my Patron Count and my Dollar Amount on my own site to display. Like hey, like my comic? Look at all these people already supporting me!

I personally loathe Wordpress and I am moving away from it; but even if I didn’t, I already stated that this is 1) a static site, and 2) a learning project for me.

So you can limit scopes when you request a patron’s token. That makes sense. But what do you do if you’re not requesting a token? If you only have the creator token?

Again, there is no patron’s access token. I am not requesting a token. No one is logging in or making a call.

So I can’t use http://localhost as the URI? A post earlier on this forum implied otherwise.

Let me try rephrasing this another way, since I am clearly mistaken in how this works.

You are a content creator. You have a portfolio site, which you have created by hand, with good ol HTML, CSS, and Javascript.

On your portfolio site, you want to display the current amount of money you are making on Patreon, as well as the number of people supporting you.

How would you go about doing this?

You would need to use your creator access token to make a call to the api and get your campaign information. Within that result you can get information related to your campaign.

Okay, cool. Thank you. That’s what I thought. So how do I structure the URL to include my access token (ignoring security for the time being)?

Just check out PHP library, it has examples for common use cases.

In examples folder, obviously. However the readme also contains a quick authorization example.

All I was able to glean from that is that Patreon-PHP has a function that lets you make an api call. Specifically:

$api_client = new API($access_token);

I have dug into API.php and I still can’t figure out how to parse a URL together that includes the Access Token. It’s passed through the Authorization Header.

So is it impossible to have a single URL that I can drop into a browser that returns information? Does it have to go through a multi-step coded request? Because that’s all I’m getting from this.

There is an example down below in the readme of the library already?

It includes url construction to send users to login at Patreon. And receiving the info back.

If you want to make a call to the api with an access token you already have, you will need to send headers with the request. This would mean that you cant just copy/paste an url with an access token and get a result using normal browsers.If you can modify your browser to send custom headers while making the request, that is.

Okay, thank you thank you. That’s the information I needed. The other APIs I’ve noodled with let you put the access token in the Url and get the information from the browser. I was using that to make sure I had the right information before moving forward.

I’ll give XMLHttpRequest another shot then and see if I can get that to work.