Nextcloud Talk API send message by a guest

Hi! I am looking at how to send a message on behalf of a guest user to a conversation where guests are allowed to post. Cannot understand how to do it.

What is working for me is sending on behalf of a registered user:

curl --data '{"token":"<roomid>","message":"hi there"}' -H "Content-Type: application/json" -H "Accept: application/json" -H "OCS-APIRequest: true" -H "Authorization: \"Basic ********=\"" -v -X POST https://mydomain.tld/ocs/v2.php/apps/spreed/api/v1/chat/<roomid>

If I am not providing credentials, I am getting 404 error.

I will be thankful for any help!

I have no references handy, but there are some discussions here and maybe on github… Anonymous chats need some two-step process of “entering” the talk room and later posting the messages. I didn’t got it when I needed so I created dummy user without permissions and use this dummy user to post from my scripts

basic example how do it with PowerShell

$server = "https://mynextcloud"
$user = 'user name' # User You should create for your bot
$pass = 'plain text password of the user'
$room = 'xyzxyz'  # Chat RoomId  (bot user must join the talk room before)

$headersbasicauth = @{
    'Authorization'= 'Basic ' + [convert]::ToBase64String( [Text.Encoding]::ASCII.GetBytes( $($user + ":" + $pass) ) )
    'Content-Type'= 'application/json'
    'Accept'  = 'application/json, text/plain, */*'

$msg = 'test from powershell'
$body = @{ 'token'=$room; 'message'=$msg }
$body = ConvertTo-Json $body

$uri = ('{0}/ocs/v2.php/apps/spreed/api/v1/chat/{1}' -f $server, $room)
$rebasicauth = curl $uri -Headers $headersbasicauth -Body $body -Method POST -v -UseBasicParsing

some unsorted URL I saved in my notes for this topic:

1 Like

Hi! Thanks for your quick response. I see that you are also using password. The matter that I would like to replace pushbullet notifications with NC Talk, which are sent by dumb devices (routers, printers etc), which do not have much more sophisticated scripting languages…

I was trying to play with several curls, eg, joining the room, and afterwards sending some text. Some people suggested to catch and analyse cookies, but that is not elegant and a bit complicated.

Are any thoughts to simplify the process in the code itself?

Another question, may I use here actorType bot in order to get the desired behaviour? As these notifications are one directed and the conversations will not require replies. What do you think?

1 Like

you don’t really need sophisticated programming language on your device. If you use user:password auth you could even calculate the auth string in advance and just use it on your device (add static Authorization header). this works:

curl -d '{"token": "<room>", "message":"test from linux"}' -H "Content-Type: application/json" -H "Accept: application/json" -H "OCS-APIRequest: true" -v -u <username>:<password> https://mynextcloudurl/ocs/v2.php/apps/spreed/api/v1/chat/<room>

if the output is little more complicated then a single text the biggest problem I have is to turn the message into valid JSON as you need to escape lot of special characters…

Hi, this I already use (see my topic starter above)! However, I would like that each device will be a guest posting messages in specific public conversation, rather than create real user account(s) for each of them.

I have had a conversation on github on that as well, perhaps, you may be interested to read it Send message as a guest to public conversation · Issue #6736 · nextcloud/spreed · GitHub.

I feel your pain, but this is how the system works… either you go the hard way and join the meeting. collect cookies and post anonymous or you create an (individual) account for each device and use 1-step+basic_auth posting…

you can’t expect the system works in a way you want it… I’m not involved in the design but there might be a reason to enforce this way… take or leave it

BTW: I don’t see any drawback if you share the same user account for multiple devices - this is almost the same as posting as anonymous

Well, we may suggest how the system may behave. I feel, that I am not agree with so complicated approach. Using a real account is not a good idea, that’s why I was thinking about guest or bot actor type. The latter one is more interesting for me, however I haven’t found any mentions about APIs with this type…

I think what you actually want is Webhook Support · Issue #1879 · nextcloud/spreed · GitHub or API for Bots · Issue #1936 · nextcloud/spreed · GitHub

1 Like

Hi! Thanks for referring. So, waiting till implemented… I cannot influence the instance, which is hosted by an independent hoster.

Hi! I have another relevant question. When I enabled 2FA and created the password for the application the script is no more working. Are any advice, how to make it work with app passwords?

Hey-hey, please, help with your advice how to overcome basic authentication in API, if app password is enabled?