Howdy!
I’m trying to run an API call to create a new topic. Discourse API Docs
Using Postman I am sending in the API Key / Username / Content-Type as Headers, and JSON data in the body.
I have verified the API Username and Key are correct, but, the API call returns the HTML of our sign in page.
Is this expected? How can I work around that?
Can you please paste the cURL version of the API call you are trying to make?
Sure…
curl -X POST 'https://staging-discuss.newrelic.com/posts.json' \
-H 'Api-Username: RyanVeitch' -i \
-H 'Api-Key: My-API-Key' -i \
-H 'Content-Type: application/json' \
-d \
'{
"title": "My fancy title",
"raw": "Some random text to fill my topic",
"category": 212,
"created_at": "2020-06-22"
}'
In the terminal I get this output:
HTTP/1.1 307 Temporary Redirect
Proxied-By: Service Gateway
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://staging-login.newrelic.com/login?return_to=https%3A%2F%2Fstaging-discuss.newrelic.com%2Fposts.json
content-type: text/plain;charset=UTF-8
content-length: 138
Redirecting to a different URI: https://staging-login.newrelic.com/login?return_to=https%3A%2F%2Fstaging-discuss.newrelic.com%2Fposts.json%
Let me know if you need anything else from my side to help in troubleshooting 
Appears that you have a very custom setup with a proxy in the middle.
That is not standard Discourse behavior, so it looks like this is caused by your special proxy thing.
Maybe there is a special Header you can send to bypass the proxy? Gotta check with that product docs.
Hey @Falco - I managed to get through the proxy but I’m now being hit by 403 BAD CSRF Errors.
I see this thread seems kinda unfinished…
Do you have any thoughts on how to beat these errors?
I just tested your example curl command locally and it is working fine for me so the syntax is all correct. Is is possible the proxy is stripping some headers? That could be why you are getting the BAD CSRF errors because it can no longer read/access the api credentials.
Thanks @blake
Our proxy is fully custom in house built and it’s a front layer to the public.
I’m VPN’d into our internal network & I’m not hitting the public URL, I’m hitting the backend (behind proxy) URL, so, the requests shouldn’t be going through the proxy.
Our staging discourse instance is v 2.3.10
Does the API behave differently on that version?
Nope, v2.3.10 still has all the header based auth stuff so it shouldn’t behave any different.
You are hitting this line:
which means your request is malformed in some way and it can’t detect that it is an api request.
Because this is a staging instance and not local you will have nginx or some other webserver running before it hits discourse. It’s possibly nginx is stripping some headers depending on your config. These may show up in the nginx logs.
This is the line where it reads the api credentials out of the request headers. You could also add some debug statements to this file to figure out if the headers are getting this far.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
