API Error: You are not permitted to view the requested resource

I am receiving the following error:

{"errors"=>["You are not permitted to view the requested resource."], "error_type"=>"invalid_access"}

when I make the ruby API call ‘category_latest_topics’

response = client.category_latest_topics("<some_category>") 

This is due to the category permissions (the category is not public). I tried to authenticate by using

client.api_username = "system"  

and making sure “system” is a member of the group that has permissions to the category but still no luck! Any suggestions or workarounds?


No response so far. Am I posting this in the right forum?

Try using a different user, other than System. Issue an API key for a different user. You will need to experiment.

No luck. Tried issuing API key for different users who have permission to the category but still no access.

Would be awesome if anyone else has suggestions for this?

How can I access a private category via the API. This should not be an issue for users/system with admin rights to the forum.

I’m having the same issue, can someone take a look into this?

1 Like

Have you attempted to generate a key from your account? You are the admin who created the forum, yes? You say “users/system” so I am wondering if you tried your own account.

Yes i am the admin of my forum.

I have tried both my username and system with no luck. I can’t call client.category_latest_topics(<category_name>) even though the user has permissions to the category

I feel some other variable exists and is causing this error; one that cannot be seen due to the limited info provided.

Be sure to check these topics in regards to setting up and using the Discourse API, if you have not yet done so.

Appreciate your help. If you read my original post i am using the ruby api. I have also looked through the documentation before posting this topic.

If you could show me what variable i am missing or where to exactly to find out more i would appreciate it.

1 Like

Is anyone else experiencing this problem at the moment? I’ve been trying for two days to use the API, but I get similar errors every time. I’m not sure if I’m missing a step or if something changed.

I created a new API key for the system user. I also tried creating an API key for all users and then using my admin account.

Using the discourse_api Ruby gem:

DiscourseApi::UnauthenticatedError ({"errors"=>["You are not permitted to view the requested resource. The API username or key is invalid."], "error_type"=>"invalid_access"})

I also tried with this code from another post:

require 'net/http'
require 'uri'

INSTANCE_URL = 'https://forum.example.com/admin/users/list/all.json?email=user@example.com'
API_USERNAME = 'system'
API_KEY = 'a_new_api_key_here'

def send_request
  url = URI.parse(INSTANCE_URL)
  request = Net::HTTP::Get.new(url.path)
  request.set_form_data({'api_username' => API_USERNAME, 'api_key' => API_KEY})
  http = Net::HTTP.new(url.host, url.port)
  response = http.request(request)

  if response.code == '200'
    puts "Success!"
    puts "Error"
    puts response.code

send_request # 400

I also tried using the API by putting the api_username and api_key in form data along with a raw request, but I get a 404 error.

I’m trying to write a script that reads in a list of email addresses, gets the usernames, and then unsubscribes them from all Discourse emails.

For the error that you’re getting with the raw ruby code, the problem is that the Api-Key and Api-Username need to be set in the request headers. The API field names also need to use dashes (-) instead of underscores (_). Have a look at the Authentication section at the top of https://docs.discourse.org/ for details about how to authenticate the request.

I’m not sure what would be causing the error when you make the call with the Discourse API gem. The most likely cause of the problem is that you aren’t using the correct API credentials. Make sure that you are using an API key that has its User Level set to All Users:

If that doesn’t solve the problem for you, post the request that you’re trying to make here and I’ll have a look at it.


Thanks, that works. I was following the first couple of posts here, which might need to be updated:


Thanks for pointing that out. I’ve updated the OP and deleted oldest posts from the topic.