Hi, I would like to ask about user_api_keys. Currently, I am working on integrating our app to use Discourse user_api_keys for authorization. My question is: is there any way to retrieve user_api_keys using the API? Right now, after logging in via /session.json and checking the current user profile…

[תמונה] Stephen M J: My question is: is there any way to retrieve user_api_keys using the API? No, they are shown once and then only a hash is stored. [תמונה] Stephen M J: to avoid requiring the user to approve authorization a second time after they’ve already authorized it during the fi…

I don’t it is possible to retrieve the value of an API key via the API. Discourse doesn’t save unencrypted API keys to the database. Even if you could retrieve the encrypted value, there wouldn’t be a way to decrypt it on your application. Can you explain your use case a bit more? If a user API key…

Hey @RGJ , thanks for your answer.

Hi @simon , thanks for your response. Let me explain our case in more detail. We are building a mobile app that relies on backend logic from Discourse endpoints. When a user logs in through the app, the login data is sent to the Discourse API via session.json, which returns a cookie. This cookie is …

[תמונה] Stephen M J: In this case, we can use the API keys as a global token within the mobile app to access other Discourse endpoints. However, when the user logs out, the token should be removed from the global state so that they cannot access endpoints like creating a new topic. Maybe you …

Thanks for your input on this problem. I agree that it’s better to store the token in two places: first, in the global state to check the user’s login status, and second, in the database to store the user_api_keys.

[תמונה] Stephen M J: am working on integrating our app to use Discourse user_api_keys for authorization. Why not use discourse connect ? That’s the way to do authentication.

Hi, thanks for your suggestion. The reason we aren’t using Discourse Connect here is that we are not connecting Discourse with any other websites or other places. All login functionality will be handled directly through Discourse, and the app will only interact with Discourse.

[תמונה] Stephen M J: we are not connecting Discourse with any other websites or other places. Your app is another place. I’m pretty sure that you want to configure your app to be a Discourse Connect client so that people can log in to your app by logging in to Discourse. Then your app can in…

איך לשחזר את הערך user_api_keys באמצעות API

מפתח

simon 23 בספטמבר,‏ 2024,‏ 6:44am 6

Maybe you could generate a session token that’s separate from the API key. Use that token to indicate the user’s login status. That way you wouldn’t need to delete the API key when the user logs out.

נושא		תגובות	צפיות
User API keys specification Integrations rest-api , reference	70	35491	22 בספטמבר,‏ 2025
Discourse Login & Registeration Development	4	3549	28 בספטמבר,‏ 2016
Generating and retrieving user API keys Development	0	527	2 במרץ,‏ 2023
Allow API use by regular users, not just admins Development rest-api	7	1335	29 באפריל,‏ 2023
Generating User Api Keys with REST API Development rest-api	20	8708	8 באפריל,‏ 2018

איך לשחזר את הערך user_api_keys באמצעות API

נושאים קשורים