I need help with Mobile API (vbulletin). I am trying some basic function like logging in and keep getting "badlogin" even though I am sending correct username password. Could someone here share any code they have written to use Mobile API provided by vbulletin. I opened a ticket with VB but they keep saying its unsupported.

Please guide/help.

Can anyone help?

The problem is with api.php provided by Vbulletin. Since vBulletin refuses to provide any support on their own product or even look at their own code, for anyone who is having issues, here is what I found, hopefully that helps:

api.php : line 68 - Code fails to check the request type and assign POST parameters to VB_API_PARAMS_VERIFY



unset($_GET['']); // See VBM-835
$VB_API_PARAMS_TO_VERIFY = $_GET;
unset($VB_API_PARAMS_TO_VERIFY['api_c'], $VB_API_PARAMS_TO_VERIFY['api_v'], $VB_API_PARAMS_TO_VERIFY['api_s'], $VB_API_PARAMS_TO_VERIFY['api_sig'], $VB_API_PARAMS_TO_VERIFY['debug'], $VB_API_PARAMS_TO_VERIFY['showall'], $VB_API_PARAMS_TO_VERIFY['do'], $VB_API_PARAMS_TO_VERIFY['r']);


As a result, when the "signature" is checked in includes/init.php - it is incorrect (since init.php assumed VB_API_PARAMS_TO_VERIFY to be empty).

Here is the fix: Replace line 68 with



if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$VB_API_PARAMS_TO_VERIFY = $_POST;
}
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
$VB_API_PARAMS_TO_VERIFY = $_GET;



At this point, right params are passed and signature is verified.

Another note, per vbulletin API GET wont work : http://www.vbulletin.com/forum/content.php/365-User-Related-Methods



Parameters
POST (Required)
vb_login_username - Username to login
Note that one of 3 vb_login_*password* methods is required.
vb_login_password - The password of the User. If client use this to login, the plain password may be sniffed during the pass in the network
vb_login_md5password - The md5 password of the User
vb_login_md5password_utf - The md5 password (Unicode) of the User

POST (Optional)
logintype - Possible value: 'cplogin' or empty. 'cplogin' means that the login will also allow the user to access the AdminCP if they have permission.



I am seriously disappointed with the lack of help I received from vBulletin, but there is nothing I can do about it. It was particularly annoying that each time I asked or even tried to reach out to a person who had similar problem I got "shoo to vb.org" response. However, I hope this helps anyone else in similar situation as me to get this working.

Thanks webdzinez,

it helped me out. I also found an issue on vbulletin jira which is still unconfirmed.
http://tracker.vbulletin.com/browse/VBIV-14051

Greetings
Bundschuh