Your example works as-is modulo the expected parameters against our test site:
○ → curl -i -X PUT "https://try.discourse.org/admin/users/41/suspend.json" \
-H "Api-Key: swordfish" \
-H "Api-Username: michael" \
-H "Content-Type: application/json" \
-d '{"suspend_until": "2024-12-31", "reason": "Violation of community guidelines"}'
HTTP/2 200
server: nginx
date: Mon, 11 Nov 2024 19:27:44 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
x-discourse-username: michael
x-discourse-route: users/suspend
cache-control: no-cache, no-store
x-request-id: fe9c5ddc-b11a-45ba-ab41-9403eb53f255
cdck-proxy-id: app-router-tiehunter03.sea1
strict-transport-security: max-age=31536000
cdck-proxy-id: app-balancer-tieinterceptor1b.sea1
{
"suspension": {
"suspend_reason": "Violation of community guidelines",
"full_suspend_reason": "Violation of community guidelines",
"suspended_till": "2024-12-31T00:00:00.000Z",
"suspended_at": "2024-11-11T19:27:44.927Z",
"suspended_by": {
"id": 85,
"username": "michael",
"name": "Michael Brown",
"avatar_template": "/user_avatar/try.discourse.org/michael/{size}/639_2.png"
}
}
}
- validate the API key
does Discourse show a valid user authentication (x-discourse-username) when making a simple GET with that key? - validate the user ID
it really exists, right? it’ll 404 if it doesn’t - are you behind Cloudflare?
it can mess with parameters