Posting to Pleroma inbox

Hi, is it possible to POST e.g. a note to Pleroma user’s inbox using C2S API? I am not sure from reading the AP specs and even not sure after investigating the Pleroma code.

I’m trying to do POST like this:

curl --location --request POST 'https://greenish.red/users/nokton/inbox' \
--header 'Content-Type: application/activity+json' \
--header 'Authorization: Basic ...' \
--data-raw '{"@context": "https://www.w3.org/ns/activitystreams",
 "type": "Create",
 "to": ["https://greenish.red/users/nokton"],
 "actor": "https://greenish.red/users/nokton",
 "object": {"type": "Note",
            "attributedTo": "https://greenish.red/users/nokton",
            "to": ["https://greenish.red/users/nokton"],
            "content": "do I need id??"}}'

I guess the problem is there is no HTTP signature ({valid_signature: true} from the Pleroma source code), but I was hoping I could avoid it when using credentials (Basic auth).

So is there a way to somehow easily POST to user inbox using C2S AP? I’m sure @lanodan will know :slight_smile:

HTTP Signatures are for servers. Also the endpoint you want to use is /users/:nickname/outbox.

Here is a working setup with curl that I use for some real-life tests:

In create_note.json:

{
  "@context": "https://www.w3.org/ns/activitystreams",
  "type": "Create",
  "to": [
    "https://www.w3.org/ns/activitystreams#Public",
    "https://queer.hacktivis.me/users/lanodan/followers"
  ],
  "actor": "https://queer.hacktivis.me/users/lanodan",
  "object": {
    "attributedTo": "https://queer.hacktivis.me/users/lanodan",
    "type": "Note",
    "to": [
      "https://www.w3.org/ns/activitystreams#Public",
      "https://queer.hacktivis.me/users/lanodan/followers"
    ],
    "content": "Dayum~"
  }
}

curl -v -XPOST -H 'Content-Type: application/activity+json' -d @create_note.json -u "lanodan:$(pass show queer.hacktivis.me/lanodan)" https://queer.hacktivis.me/users/lanodan/outbox | tee create_note_response.json

Notes:

  • I am using HTTP Basic Auth via -u here, and OAuth is also possible, just a bit harder to do (tested it via curl scripts as well).
  • I grab my password via my pass(1) storage you can also consider it the same as $REDACTED
1 Like

Thank you.

First - I’m not sure we have the same context of the messages. I tried posting to my outbox and it worked. I want to post to somebody else’s inbox. Like I would want to send you a (private) message, not post a note to my followers. From the example exchange at https://www.w3.org/TR/activitypub/#Overview - I am Allyssa and want to send a note to Ben’s Inbox. From the LDN point of view (https://www.w3.org/TR/ldn/#overview), I, as a Sender, want to POST an AP message to the Receiver’s Inbox.

Or do I understand it incorrectly and when using C2S AP, I always have to send messages using my outbox? But that would mean I could only send messages to interlinked servers. From what I understand, LDN is designed so I can discover anybody’s Inbox (if he has made it public) and POST a message to it. I assume AP is building on top of this, so the flow is the same, just adding AP constraints/semantics (message format, Actors specification, etc.).

Yeah, you always send messages to your own outbox, quite like how with SMTP your client send messages to your own SMTP server, not directly the one of your target. This is why there is addressing like to/cc.

Yeah, you always send messages to your own outbox

Ok, and is this Pleroma-specific, or general AP? :slight_smile: Like if I wouldn’t use Pleroma and I was building a new AP client (only C2S) application, how would I send a message to some other AP implementation using C2S API? Would I have to implement also a server that would use federation with the other implementations of AP and in my client POST to my Outbox on my server in order to send message to the other person on different implementation?

I’d expect, like with LDN, just POST to the other person’s Inbox should work…

Only servers post to inboxes. To send a message to another user, you send it to your outbox with the to field referencing the target