Continuing the discussion from Discourse API Documentation : [image] Discourse REST API Documentation To become authenticated you will need to create an API Key from the admin panel. Once you have your API Key you can pass it in as a url parameter like this: curl http://localhost:3000/c/test/su…

I don’t believe there is support to put the parameters in the header, but you can put them in the body of the request and not as part of the url.

Using POST where I mean GET might work, but it’s icky at best. Arguably it’s a bug if POST is accepted in most contexts where GET is what’s meant, and I would be wary about assuming that wouldn’t become the case if it’s not now. I wonder if there’s an OAuth based approach to be had?

I believe you can send the api parameters inside the body even in a GET request. [Paul Morgan] HTTP GET with request body rest, http, http-get answered by Paul Morgan on 08:27PM - 11 Jun 09 UTC I believe this is how the disc…

As your linked post says, giving semantic meaning to the body of a GET request is a violation of the spec. Looking over how github does it, using basic http authentication looks rather straight-forward.

I don’t mind adding support for HTTP headers used for auth like S3 does, etc … submit a PR

Was this submitted? Am I able to authenticate with Authorization headers via the API?

I don’t think this has been done yet.

This is absolutely something I want to support and something the user API already supports.

[image] blake: I don’t think this has been done yet. Before that, should we send authentication parameters in request body for all GET requests? Or what is the best workaround?

Hi there, Is there any news related to putting the API Key inside an Authorization header instead using a query parameter ?

API: Can I authenticate without putting the key in the URL?

Dev

simon Mai 10, 2019, 11:18 14

The Discourse API now supports, and recommends passing the authentication details in the request’s HTTP headers. See the updated Discourse API Documentation topic and the Authentication section of https://docs.discourse.org/ for details.

Sujet		Réponses	Vues
API Key as a query string parameter is a security risk, right? Development	5	9139	Mai 14, 2020
Discourse API - Unable to query certain endpoints Support	8	1536	Octobre 31, 2019
Authenticating using API keys when accessing API through fetch Development rest-api	4	1495	Novembre 28, 2019
Using Discourse API to return user data when the "Require authentication to read content on this site, disallow anonymous access." setting is checked Bug rest-api	8	3012	Août 11, 2020
How to set Authorization token in request headers when user attempts to login on discourse SSO	3	2210	Avril 28, 2023

API: Can I authenticate without putting the key in the URL?

Sujets connexes