Enabling Netlify Identity Features from the Netlify API

Hi ! I come once again to you for a question concerning Netlify API.
What I’m trying to do is the following :
We have an API REST in GO that allows us to create and deploy “Sites” on netlify. This happens in one call at our API and it then take care of all the calls to github/netlify to send the configurations etc.
I am using a PAT token because only admins who have access to netlify can do it anyways.
I didn’t find any documentation on your docs as to how achieve this, so I did what you said and took a look at the API calls in your front app.
Now my issue is that we would like to (within our API) :

I’d like to point that I’m trying to do the same steps we usually do manually, and it works with the Netlify admin pages, the API calls are the same.
It does seems to work. But when I take a look in the Netlify administration pages, it didn’t.
Might it be because I call them “too quickly”?
If you need any more information I’ll be glad to send it!
Thanks again!

Hi @Frenx :wave:t2:

Cool :slight_smile: Neat system you’re building. One click admin everything sounds super scalable. I don’t necessarily have any specific advice for you on this particular question but my more generic question is, have you opened up the network log of dev tools while doing this process on a site manually in the Netlify Admin back end? I only ask because the Netlify Admin back end uses the API in the same way you or I would - everything should be exactly the same. I’m wondering if you just follow the network log trail there if you would find your answers.

Cheers!


Jon

and, if you already did that based on your quoted snippet above, let me know!

Thank you for the quick answer and the kindness :smiley: !
Indeed I have already tried with the debug tool, and just tried again to make sure I didn’t miss anything.
The calls to Netlify API are the same, it seems like there is a second call for each one of them, with no json inside. Do I have to make these aswell ? Here’s an example CURL for Disabling the signup :
(This is the first call which I also do in my API)

curl 'https://api.netlify.com/api/v1/sites/[siteID]/identity/[IdID]' \
-X 'PUT' \
-H 'authority: api.netlify.com' \
-H 'authorization: [Token]' \
-H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/86.0.4240.75 Safari/537.36' \
 -H 'content-type: application/json' \
-H 'accept: */*' \
-H 'origin: https://app.netlify.com' \
-H 'sec-fetch-site: same-site' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-dest: empty' \
-H 'referer: https://app.netlify.com/sites/[site-name]/settings/identity' \
-H 'accept-language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' \
--data-binary '{"disable_signup":true}' \
--compressed

This is the second one :

curl 'https://api.netlify.com/api/v1/sites/[siteID]/identity//[IdID]' \
-H 'authority: api.netlify.com' \
-H 'authorization: [token] \
-H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/86.0.4240.75 Safari/537.36' \
-H 'content-type: application/json' \
-H 'accept: */*' \
-H 'origin: https://app.netlify.com' \
-H 'sec-fetch-site: same-site' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-dest: empty' \
-H 'referer: https://app.netlify.com/sites/[site-name]/settings/identity' \
-H 'accept-language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' \
 -compressed

Hey @Frenx!

So I pulled up an old site in my roster that I could play around on, enabled Identity, and traced the API call for disabling open registration (making it invite only) and it seems to work fine for me. Right after I make the API call I refresh the browser page and it correctly updated the UI to reflect “invite only” :confused:

I use httpie instead of cURL (highly recommend), so my syntax looks like the following, but as you can tell, it’s pretty brief!

HTTP PUT https://api.netlify.com/api/v1/sites/123abc/identity/123abc Authorization:"Bearer abcabcabcaabcabcabcab" disable_signup=true

And the response is a 204 like you see:

So… that should be working for you. My only concern would be, are you making sure to capitalize the A in “Authorization” for that header? Your cURL dump doesn’t have it capitalized so I just wanted to check. Getting back a 204 would make me think that it is hitting Netlify Identity correctly, but can’t hurt to check.

Second, are you intentionally sending the payload as binary data? Your cURL dump reads as such but still using the “application/json” content type. Could you share the snippet of code that you wrote to hit the Netlify API that isn’t working? Might be useful to troubleshoot deeper.

FYI the second request in the UI that you’re seeing is effectively just a refresh. It happens after almost all updates (PUTs, POSTs, DELETEs) and is very normal but you certainly don’t need to do those in your own API system.


Jon

@jonsully
I’m really sorry for the late response, I had some other things on the plate ! Thank you a lot for looking into this!
The Curl I posted was just an extract from the Netlify dashboard. My client is in Go and I’m using the http package. Here is an example :

    func (n netlifyRepo) DisableSignup(siteId string, idInst sites.IdentityInstanceResponse) error {
	//Send data, not really clean but it works...
	b := new(bytes.Buffer)
	errEnc := json.NewEncoder(b).Encode("{\"disable_signup\":true}")
	if errEnc != nil {
		log.Error(errEnc)
		return errEnc
	}

	request, err := http.NewRequest("PUT", "https://api.netlify.com/api/v1/sites/"+siteId+"/identity/"+idInst.ID, b)
	if err != nil {
		log.Error(err)
		return err
	}
	request.Header.Add("content-type", "application/json")
	request.Header.Add("Authorization", "bearer "+os.Getenv("NETLIFY_TOKEN"))

	client := &http.Client{}
	resp, err := client.Do(request)
	if err != nil {
		log.Error(err)
		return err
	}
	log.Debug("Response status : ", resp.Status)
	defer resp.Body.Close()

	return nil
    }

I did capitalize the A on the requests, although that do not seems to change anything, because my other methods seems to work well without them.
It is strange that I still have a 204 but nothing changes in the dashboard. I don’t really understand what could be wrong. Unless the problem comes perhaps from me using the payload as binary data?

Yeah I think it may be. Technically a PUT request with no actual content is still valid; you’re sending a mutation request but then the receiver (Netlify API) isn’t receiving any actual mutation… so it’s sort of a no op. The 204 may represent something like “Hey your request to change something is valid, but you didn’t actually send a change” which could occur if the server wasn’t able to handle your binary data.

I’m not super familiar with Go (I can read it but don’t write it :stuck_out_tongue:) but this article walks through converting JSON to Go objects and vice versa; since you’re not actually attempting to use Go objects converted to JSON and instead are just posting a static JSON string ({"disable_signup": true}) I don’t think you need any encoding or specialness at all. Especially since you’re setting Content-Type: to application/json, the JSON should come in as a string I believe. I might suggest replacing this line:

request, err := http.NewRequest("PUT", "https://api.netlify.com/api/v1/sites/"+siteId+"/identity/"+idInst.ID, b)

with

request, err := http.NewRequest("PUT", "https://api.netlify.com/api/v1/sites/"+siteId+"/identity/"+idInst.ID, "{\"disable_signup\":true}")

(or similar; I’m not sure if you can give .NewRequest() a string or if it needs a byte buffer :sweat_smile:)

Hope that works!


Jon

1 Like

That was exactly my problem !
I was sending encoded data where Netlify API coudn’t process it. Removing it made the system work perfectly. Thank you a lot for the help !

1 Like