Open-source software for Joomla, Gitea, and web platforms. Home of MokoSuite, MokoGitea, and MokoCLI.
Tennessee
api/authentication
API Authentication
Authentication methods for MokoConsulting APIs.
Joomla Web Services API
Bearer token authentication:
Authorization: Bearer {joomla_api_token}
Create tokens in Joomla admin: Users > Manage > [User] > API Tokens tab
Example:
curl -s "https://mokoconsulting.tech/api/index.php/v1/content/articles" \
-H "Authorization: Bearer c2hhMjU2OjM4Njo3ZTRl..." \
-H "Accept: application/vnd.api+json"
Notes:
- Use
-Lflag with curl (Joomla may redirect) Accept: application/vnd.api+jsonheader recommendedContent-Type: application/jsonfor POST/PATCH requests- Tokens are per-user and inherit that user's ACL permissions
Gitea API
Token authentication (two methods):
# Header (preferred)
curl -H "Authorization: token 29367101e6edf28..." \
"https://git.mokoconsulting.tech/api/v1/repos/MokoConsulting/MokoSuiteBackup"
# Query parameter
curl "https://git.mokoconsulting.tech/api/v1/repos/MokoConsulting/MokoSuiteBackup?token=29367101e6edf28..."
Create tokens in Gitea: Settings > Applications > Generate New Token
Notes:
- Use
-Lflag (Gitea returns 307 redirects) - Token scopes control access level (read, write, admin)
"https://crm.mokoconsulting.tech/api/index.php/invoices"
Notes:
- Token is per-user
- No Bearer prefix — raw token in custom header
MCP Server Authentication
MCP servers use the same tokens above, configured in their JSON config files:
// ~/.mcp_mokogitea.json
{
"connections": {
"default": {
"url": "https://git.mokoconsulting.tech",
"token": "29367101e6edf28..."
}
}
}
Tokens are never hardcoded in source — always loaded from config files at runtime.
HTTPS Requirement
All API communication must use HTTPS. HTTP requests should be rejected or redirected.
Pages