Continuing the discussion from Discourse API Documentation : [图片] Discourse REST API Documentation To become authenticated you will need to create an API Key from the admin panel. Once you have your API Key you can pass it in as a url parameter like this: curl http://localhost:3000/c/test/sub-t…

I don’t believe there is support to put the parameters in the header, but you can put them in the body of the request and not as part of the url.

Using POST where I mean GET might work, but it’s icky at best. Arguably it’s a bug if POST is accepted in most contexts where GET is what’s meant, and I would be wary about assuming that wouldn’t become the case if it’s not now. I wonder if there’s an OAuth based approach to be had?

I believe you can send the api parameters inside the body even in a GET request. [Paul Morgan] HTTP GET with request body rest, http, http-get answered by Paul Morgan on 08:27PM - 11 Jun 09 UTC I believe this is how the disc…

As your linked post says, giving semantic meaning to the body of a GET request is a violation of the spec. Looking over how github does it, using basic http authentication looks rather straight-forward.

I don’t mind adding support for HTTP headers used for auth like S3 does, etc … submit a PR

Was this submitted? Am I able to authenticate with Authorization headers via the API?

I don’t think this has been done yet.

This is absolutely something I want to support and something the user API already supports.

[图片] blake: I don’t think this has been done yet. Before that, should we send authentication parameters in request body for all GET requests? Or what is the best workaround?

Hi there, Is there any news related to putting the API Key inside an Authorization header instead using a query parameter ?

API: Can I authenticate without putting the key in the URL?

开发

simon 2019 年5 月 10 日 23:18 14

The Discourse API now supports, and recommends passing the authentication details in the request’s HTTP headers. See the updated Discourse API Documentation topic and the Authentication section of https://docs.discourse.org/ for details.

话题		回复	浏览量
API Key as a query string parameter is a security risk, right? Development	5	9109	2020 年5 月 14 日
Discourse API - Unable to query certain endpoints Support	8	1515	2019 年10 月 31 日
Authenticating using API keys when accessing API through fetch Development rest-api	4	1484	2019 年11 月 28 日
Using Discourse API to return user data when the "Require authentication to read content on this site, disallow anonymous access." setting is checked Bug rest-api	8	3005	2020 年8 月 11 日
How to set Authorization token in request headers when user attempts to login on discourse SSO	3	2195	2023 年4 月 28 日

API: Can I authenticate without putting the key in the URL?

相关话题