Hello :wave:, I’m making a GitHub action posting to the Discourse forum. I found the post API, however, the document says Discourse users need to create an API Key from the admin panel , even though non-admin users have no admin panel. Here I have several questions: Is the API key designed even f…

Hello @KengoTODA , welcome here! :slight_smile: :wave: User API keys specification will be helpful for what you have described.

Thank you! I’ve checked the ‘API key generation flow’ part. I understood that it’s for web applications that can provide auth_redirect URL. Is there any recommended way for CLI or GitHub Actions?

If this is for a GitHub Action you will probably be better off creating a scoped api key, that only allows the actions you need, but yes you will need to be an admin to create this key.

For CLI programs, if this is necessary, you can launch a local web server and use a http://localhost:XXXXX/callback URL. The app does something similar.

OK I’ll have a try, thanks for your support!

You can create an user API following Generating User API Keys for testing

I’m working in this branch , and successfully run the command using localhost as redirect URL. However, after I click the button to authorize, the page https://meta.discourse.org/user-api-key reported a JS error and it could not proceed the operation. The ruby script works but it also fails when I ad…

I’m investigating this issue. The JS throws an error, because the POST method for /user-api-key returns 403 and build_not_found_page method in the controller does not invoke the preload_anonymous_data method that stores preloaded value. It’s not sure why the server responded 403 with <h1 class="t…

You need to add the domain (and path) to the allowed user api auth redirects site setting. If you’re manually issuing HTTP requests, then discourse://auth_redirect should work.

Thanks, I found the config in the site_settings.yml and understood why my request met 403. The discourse://auth_redirect does not work as expected to me, so I’ll try to ask users to input the encrypted token manually, just like the ruby code .

هل يمكن للمستخدم غير المسؤول إصدار مفتاح API الخاص به؟

مطور

osioke (Osioke Itseuwa) 14 ديسمبر 2020، 10:14ص 2

مرحبًا @KengoTODA، أهلاً بك هنا!

سيكون هذا الرابط مفيدًا لما وصفته: User API keys specification

3 إعجابات

الموضوع		الردود	مرات العرض
Create apikey for user programmatically as admin Development rest-api	8	1950	26 فبراير 2024
Generate User Api Key Without User Approval Development	4	883	2 يوليو 2024
Allow API use by regular users, not just admins Development rest-api	7	1325	29 أبريل 2023
User API keys specification Integrations rest-api , reference	70	35343	22 سبتمبر 2025
Generating User Api Keys with REST API Development rest-api	20	8702	8 أبريل 2018

هل يمكن للمستخدم غير المسؤول إصدار مفتاح API الخاص به؟

الموضوعات ذات الصلة