Moko Consulting

Open-source software for Joomla, Gitea, and web platforms. Home of MokoSuite, MokoGitea, and MokoCLI.

Tennessee
api/authentication

API Authentication

Authentication methods for MokoConsulting APIs.

Joomla Web Services API

Bearer token authentication:

Authorization: Bearer {joomla_api_token}

Create tokens in Joomla admin: Users > Manage > [User] > API Tokens tab

Example:

curl -s "https://mokoconsulting.tech/api/index.php/v1/content/articles" \
  -H "Authorization: Bearer c2hhMjU2OjM4Njo3ZTRl..." \
  -H "Accept: application/vnd.api+json"

Notes:

  • Use -L flag with curl (Joomla may redirect)
  • Accept: application/vnd.api+json header recommended
  • Content-Type: application/json for POST/PATCH requests
  • Tokens are per-user and inherit that user's ACL permissions

Gitea API

Token authentication (two methods):

# Header (preferred)
curl -H "Authorization: token 29367101e6edf28..." \
  "https://git.mokoconsulting.tech/api/v1/repos/MokoConsulting/MokoSuiteBackup"

# Query parameter
curl "https://git.mokoconsulting.tech/api/v1/repos/MokoConsulting/MokoSuiteBackup?token=29367101e6edf28..."

Create tokens in Gitea: Settings > Applications > Generate New Token

Notes:

  • Use -L flag (Gitea returns 307 redirects)
  • Token scopes control access level (read, write, admin)
  "https://crm.mokoconsulting.tech/api/index.php/invoices"

Notes:

  • Token is per-user
  • No Bearer prefix — raw token in custom header

MCP Server Authentication

MCP servers use the same tokens above, configured in their JSON config files:

// ~/.mcp_mokogitea.json
{
  "connections": {
    "default": {
      "url": "https://git.mokoconsulting.tech",
      "token": "29367101e6edf28..."
    }
  }
}

Tokens are never hardcoded in source — always loaded from config files at runtime.

HTTPS Requirement

All API communication must use HTTPS. HTTP requests should be rejected or redirected.