So you probably want something like DiscourseConnect - Official Single-Sign-On for Discourse (sso).
Or if the app is pulling data from Discourse in the browser then the user will be logged in already. Or if the app is pulling the data in some automated fashion on he backend then you can just use the global key.