Get user info from user id

[@kappa]

Hello, we're developing a web application to handle the "can love be created?" [1] social experiment, this application will authenticate users through imgur's API, collect users' data, automatically match the users and automatically notify them of their matches.

We're having a problem with the notification part: when the users signs up we collect from the API save in our database its user id, user name, and e-mail address; when the time comes to send the match notification, however, the user could have changed its user name, and since private messages and mentions rely on the user name, we're unable to send them (I know, it's not something probable, but it /can/ happen).

Is there a way, having the user id, to fetch the user's public data?

In the API docs is mentioned only the "account base" [2] endpoint, but it requires the user name instead of the user id, which is exactly what I'm looking for…

Thanks.


[1]: http://imgur.com/gallery/7yxbd/
[2]: http://api.imgur.com/endpoints/account#account

[James Mahy]

Hey,

When the user logs in we use "me" as the username to grab their username and details, 

we store their tokens and then each subsequent request is done using their tokens. 

eg: 

https://api.imgur.com/3/account/me

As the current authenticated user.

Give me a shout if you need any help on he...@socialsavanna.com, we started doing the match making on Social Savanna but found there wasn't much interest 

so still have a lot of code left over from it.

James

[@kappa]

On Thursday, April 23, 2015 at 12:43:25 AM UTC+2, James Mahy wrote:
> we store their tokens and then each subsequent request is done using their tokens. 

This can be a solution, but it requires us to store the user's authorization token.

Currently I'm discarding every authorization info as soon as I've been able to confirm the user's identity and retrieve his id (if we're able to "refresh" his user name I won't save his e-mail address, either).

We're doing this because imgur's APIs do not provide granular access, once the user authorize an application that application has full control on the user's account, and I don't want such a responsibility if I can avoid it: databases can be compromised — yes, technically the tokens require the application's client secret to work, which we don't store in the database — but if something it's not there in the first place it can't be disclosed; moreover not having access to the user's account is a bonus for his privacy and peace of mind.

While I do understand that for an application like Social Savannah, due to its nature, interacting with the user's account is something that can happen frequently, in our application we only need to confirm the user's identity; once that is done we no longer need any interaction with the user's account — the user will probably never return to the web site once the application form is submitted, too.

Side note (not related to you suggestion): doing a refresh when sending out the notifications will at least double and at most triple the API calls, I don't know if this can somehow impact imgur's infrastructure (we send the notifications in bulk as soon as the matching — which happens automatically, thanks to @zrrz — is completed).

On Thursday, April 23, 2015 at 12:43:25 AM UTC+2, James Mahy wrote:
> Give me a shout if you need any help on he...@socialsavanna.com, we started doing the match making on Social Savanna but found there wasn't much interest 
> so still have a lot of code left over from it.

Thanks, I'll probably write you regarding a couple of issue we're facing at the moment, maybe you already solved them.

[James Mahy]

Ah I see, that's understandable but you wouldn't need to store their information unless you're planning on doing cycles. 

If you're doing it at login time you can use the "me" username to get everything you need, including their username.

Unless i've misunderstood? You shouldn't need to store anything.

[@kappa]

No, you understood perfectly. We already save the user id and user name when the user fills the application form; however from when the user sings-up to when the users are matched and the notification sent there is an indefinite amount of time — the matches are performed only when the application window is closed, it could mean weeks — so, if possible and reasonable, I'd like to re-validate the user names from the user ids before sending the notifications to avoid spam and lost messages (since a user can change his user name but not his user id).

[James Mahy]

As far as I know unless imgur change their process or add an additiona call, the only way you can do that is by storing the keys. 

Assuming it's not against imgurs terms and conditions and you have a fixed server IP, 

we could probably open up a simple api call for you to validate the information using a User ID on Sosa (eg you send userid, username and e-mail and the api confirms if it's correct or not) 

but then that would be limited to the imgurians signed up with Sosa (currently just over 70k) and we update daily.

[@jasdev]

Ask and you shall receive! I have a change in review that allows account base info to be looked up by ID, I'll let you know when it's live!

Cheers,

Jasdev

[@jasdev]

Updated the endpoint for ya :)

https://api.imgur.com/endpoints/account#account

[@kappa]

Thanks, that will be extremely useful.