Feature request: x-callback tag list

macedotavares's Avatar


27 Feb, 2018 09:34 PM

Hi. I’m writing a set o basic but useful actions for Drafts 5. I would like to retrieve a list of tags already in use and present them in a prompt to add them quickly.

Could you add an x-callback URL action that returns a list of all the tags in use?


  1. Support Staff 1 Posted by Danilo Bonardi on 28 Feb, 2018 10:58 AM

    Danilo Bonardi's Avatar


    we don't have a call that returns all the tags at the moment, it can be easily done, but I wonder if it can result in privacy issues. We'll definitely think about it.


  2. 2 Posted by macedotavares on 13 Mar, 2018 12:21 PM

    macedotavares's Avatar

    I mean, tags already in use in my account, not everybody else's tags. That wouldn't raise any privacy issues, right?

  3. 3 Posted by Roar on 13 Mar, 2018 06:10 PM

    Roar's Avatar

    Another suggestion (in addition to the tag list mentioned above):

    I’m also missing one x-callback-url command: “search-notes-json” (or whatever to call it):

    Command shoul use Bear search syntax, but should return:
    Title, ID, Modified, Created, Tags
    As JsonResult in x-callback result.

    What do you think?

    See similar command in Ulysses workflows: UlyssesReportAndMarkdown

  4. Support Staff 4 Posted by Danilo Bonardi on 14 Mar, 2018 11:38 AM

    Danilo Bonardi's Avatar

    @macedotavares @Roar

    In both cases I have some concern about privacy. For the search, a malevolent app may search for "e" or " " and get all the user notes without express consent. Same things can be done for common tags like "bank", "family" or "work". The risk is compromising user's security. Am I too concern?

  5. 5 Posted by macedotavares on 14 Mar, 2018 12:19 PM

    macedotavares's Avatar

    I can tell you right away that as a user, I truly appreciate your concern.
    I’d choose security over integration anytime.

    Miguel Tavares

  6. 6 Posted by Roar on 14 Mar, 2018 01:24 PM

    Roar's Avatar


    I think you are right in your concern, specially on iOS where protection is good and could be comprised with x-callback-url commands as suggested.

    On Macs on the orher hand, any apps can have full r/w access to Bear database.sqlite, so not much difference.

    But certain x-callback-url commands could be protected with access tokens as in Ulysses’ implementation:

    Call with access-token




    Bottom line: I retract my request for now, it was just a wild thought, and probably not much in demand.

    So please substract my vote (-1 ;)

  7. Support Staff 7 Posted by Danilo Bonardi on 14 Mar, 2018 06:10 PM

    Danilo Bonardi's Avatar

    On Macs, on the other hand, any apps can have full r/w access to Bear database.sqlite, so not much difference.

    Not sandboxed apps (the ones on the Mac App Store).

    The token is indeed a very brilliant solution (no wonder it comes from Ulysses), maybe can be generated in-app by a preference functionality and pasted by the user who wants to access to security-critical xcallbacks.

    I'll keep it in mind if more people request this kind of functionalities.

    Thanks to everybody.

  8. 8 Posted by macedotavares on 15 Mar, 2018 02:57 PM

    macedotavares's Avatar

    I believe Drafts uses a similar solution.

    Miguel Tavares

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac