API Error: You are not permitted to view the requested resource

erik_chan · October 28, 2015, 10:30pm

I am receiving the following error:

DiscourseApi::UnauthenticatedError: 
{"errors"=>["You are not permitted to view the requested resource."], "error_type"=>"invalid_access"}

when I make the ruby API call ‘category_latest_topics’

response = client.category_latest_topics("<some_category>")

This is due to the category permissions (the category is not public). I tried to authenticate by using

client.api_username = "system"

and making sure “system” is a member of the group that has permissions to the category but still no luck! Any suggestions or workarounds?

erik_chan · October 30, 2015, 3:12am

No response so far. Am I posting this in the right forum?

codinghorror · October 30, 2015, 3:49am

Try using a different user, other than System. Issue an API key for a different user. You will need to experiment.

erik_chan · October 30, 2015, 4:18am

No luck. Tried issuing API key for different users who have permission to the category but still no access.

erik_chan · November 1, 2015, 8:15pm

Would be awesome if anyone else has suggestions for this?

How can I access a private category via the API. This should not be an issue for users/system with admin rights to the forum.

chenny408 · November 4, 2015, 2:58am

I’m having the same issue, can someone take a look into this?

purldator · November 5, 2015, 5:27am

Have you attempted to generate a key from your account? You are the admin who created the forum, yes? You say “users/system” so I am wondering if you tried your own account.

erik_chan · November 5, 2015, 5:41am

Yes i am the admin of my forum.

I have tried both my username and system with no luck. I can’t call client.category_latest_topics(<category_name>) even though the user has permissions to the category

purldator · November 5, 2015, 5:53am

I feel some other variable exists and is causing this error; one that cannot be seen due to the limited info provided.

Be sure to check these topics in regards to setting up and using the Discourse API, if you have not yet done so.

erik_chan · November 5, 2015, 6:15am

Appreciate your help. If you read my original post i am using the ruby api. I have also looked through the documentation before posting this topic.

If you could show me what variable i am missing or where to exactly to find out more i would appreciate it.

j127 · June 19, 2020, 8:28pm

Is anyone else experiencing this problem at the moment? I’ve been trying for two days to use the API, but I get similar errors every time. I’m not sure if I’m missing a step or if something changed.

I created a new API key for the system user. I also tried creating an API key for all users and then using my admin account.

Using the discourse_api Ruby gem:

DiscourseApi::UnauthenticatedError ({"errors"=>["You are not permitted to view the requested resource. The API username or key is invalid."], "error_type"=>"invalid_access"})

I also tried with this code from another post:

require 'net/http'
require 'uri'

INSTANCE_URL = 'https://forum.example.com/admin/users/list/all.json?email=user@example.com'
API_USERNAME = 'system'
API_KEY = 'a_new_api_key_here'

def send_request
  url = URI.parse(INSTANCE_URL)
  request = Net::HTTP::Get.new(url.path)
  request.set_form_data({'api_username' => API_USERNAME, 'api_key' => API_KEY})
  http = Net::HTTP.new(url.host, url.port)
  response = http.request(request)

  if response.code == '200'
    puts "Success!"
  else
    puts "Error"
    puts response.code
  end
end

send_request # 400

I also tried using the API by putting the api_username and api_key in form data along with a raw request, but I get a 404 error.

I’m trying to write a script that reads in a list of email addresses, gets the usernames, and then unsubscribes them from all Discourse emails.

simon · June 19, 2020, 10:45pm

For the error that you’re getting with the raw ruby code, the problem is that the Api-Key and Api-Username need to be set in the request headers. The API field names also need to use dashes (-) instead of underscores (_). Have a look at the Authentication section at the top of https://docs.discourse.org/ for details about how to authenticate the request.

I’m not sure what would be causing the error when you make the call with the Discourse API gem. The most likely cause of the problem is that you aren’t using the correct API credentials. Make sure that you are using an API key that has its User Level set to All Users:

If that doesn’t solve the problem for you, post the request that you’re trying to make here and I’ll have a look at it.

j127 · June 19, 2020, 11:18pm

Thanks, that works. I was following the first couple of posts here, which might need to be updated:

simon · June 19, 2020, 11:55pm

Thanks for pointing that out. I’ve updated the OP and deleted oldest posts from the topic.

Topic		Replies	Views
Using the Discourse API ruby gem to post a topic as a specific user Dev rest-api	9	1192	October 3, 2018
Discourse REST API Documentation Developer Guides rest-api , reference	0	125478	December 1, 2014
Create topic using Discourse API Dev rest-api	3	823	November 3, 2022
Sudden "The requested URL or resource could not be found." Support	17	2601	June 4, 2021
Access via Discourse API, key and/or user rejected Dev rest-api	2	660	December 1, 2023

API Error: You are not permitted to view the requested resource

Related topics