We’ve been setting up the Discourse MCP server to connect our Discourse instance to Claude Desktop via config files. When using a single-use API key with granular access controls, the MCP server throws a 403 Forbidden error because it can’t read about.json.
Snippet from the Console Logs
[2026-03-18T12:09:13.703Z] INFO Starting Discourse MCP v0.2.6
[2026-03-18T12:09:16.679Z] ERROR HTTP 403 Forbidden for GET ``https://qna.tax/about.json:`` {“errors”:[“You are not permitted to view the requested resource. The API username or key is invalid.”],“error_type”:“invalid_access”}
[2026-03-18T12:09:16.679Z] ERROR Failed to validate --site ``https://qna.tax``: HTTP 403 Forbidden
There is no option anywhere to grant or revoke read access to “about” on granular permission.
Current workaround:
Switching to a global API key (not scoped) resolves the 403 — but that’s not viable for any production setup where least-privilege access matters.
Either about.json should be accessible to any valid API key regardless of scope (since it’s public site metadata), or the granular permissions UI should include an explicit option to whitelist it.