403 Error during multiple API calls

We are using the following APIs to update and suspend users, but we are getting 403 errors. Can you inform us what the cause of this error is? FYI, we are using the API key of an admin user.

Suspend API

`{{base_url}}/admin/users/316/suspend?api_key={{api_key}}&api_username={{api_username}}`

Request BODY

```json
{
    "suspend_until": "3020-04-17",
    "reason": "inactive"
}
```

Response - 403 Forbidden

Email update

`{{base_url}}/users/{username}/preferences/email?api_key={{api_key}}&api_username={{api_username}}`

Request BODY

```json
{
    "email": "discourse1@example.com"
}
```

Response - 403 Forbidden

You need to put the API key in the header, not the url.

2 Likes

Even tried it as well. Getting the same 403 Forbidden with BODY -> `["BAD CSRF"]`

The API credentials need to be in the request header. You also need to use a dash instead of an underscore for the header field names:

  • api_key needs to be changed to api-key (or Api-Key)
  • api_username needs to be changed to api-username (or Api-Username)

The rule is that the header field names are not case sensitive, but you need to use dashes, not underscores. (I learned this the hard way.) Have a look at the example at the top of Discourse API Documentation to see a properly formatted API request.

4 Likes
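The fix described in the replies, as an added example that is not part of the original thread: it takes a request URL in the failing form shown in the question and rebuilds it with the credentials in `Api-Key` / `Api-Username` headers. The host `forum.example.com`, the key value, the `system` username and the `PUT` default are assumptions; the thread does not state the HTTP verb.

```python
import json
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
from urllib.request import Request

# Query parameter -> header field name (dashes, not underscores, as in the thread).
CREDENTIAL_PARAMS = {"api_key": "Api-Key", "api_username": "Api-Username"}


def to_header_auth(legacy_url, body, method="PUT"):
    """Rebuild a request so API credentials travel in headers, not the URL.

    `method` defaults to PUT, which is an assumption: the thread does not
    state the HTTP verb for either endpoint.
    """
    parts = urlsplit(legacy_url)
    headers = {"Content-Type": "application/json"}
    kept = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        header = CREDENTIAL_PARAMS.get(name.lower().replace("-", "_"))
        if header:
            headers[header] = value      # credential moves into a header
        else:
            kept.append((name, value))   # unrelated parameters stay in the URL
    missing = [h for h in CREDENTIAL_PARAMS.values() if h not in headers]
    if missing:
        raise ValueError("missing credentials: " + ", ".join(missing))
    clean_url = urlunsplit(parts._replace(query=urlencode(kept)))
    return Request(clean_url, data=json.dumps(body).encode(),
                   headers=headers, method=method)


def describe(req):
    """Return (url, lower-cased header dict) with the key masked for logging."""
    hdrs = {k.lower(): v for k, v in req.header_items()}
    hdrs["api-key"] = "***"
    return req.full_url, hdrs


# Constructed sample values; the host, key and username are placeholders.
LEGACY = ("https://forum.example.com/admin/users/316/suspend"
          "?api_key=CONSTRUCTED_KEY&api_username=system")
BODY = {"suspend_until": "3020-04-17", "reason": "inactive"}

if __name__ == "__main__":
    request = to_header_auth(LEGACY, BODY)
    print(describe(request))   # nothing is sent over the network
```

Pass the returned `Request` to `urllib.request.urlopen` to send it.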