Creating Active Users via the API gem

This is not the right way to mass-create users.

Try the bulk invites system?

Hm, let me look into that. This is for a discussion forum that’s only accessible to a set group of users (who are already signed up and confirmed on the parent site). They currently just click a link, and they’re taken to the discussion forum and an account is automatically created.

I want to create users in bulk so that people will start receiving the emails about the forum activity, for those who have never clicked through to the forum. (This is because we’re currently using google groups for a mailing list for these people, and want to do an instant transition over to forums.)

Just getting back to this. We use SSO to login to Discourse from the parent site, so bulk invites isn’t going to work (according to the first sentence here Sending Bulk User Invites).

What is the best approach for me? We’ve got thousands of confirmed users on the parent site, but want the ones who haven’t yet clicked though to the Discourse forum to start receiving emails. (They’re already getting discussion email though Google Groups, which we are going to switch off soon).

1 Like

I had a similar problem, and just wrote a loop in a small ruby script to create all the users.

Hello Everyone,

I am able to create users like below but still have the manual step to approve them. Is this doable via the API GEM or curl?

   name: "Bruce Wayne",
   email: "",
   username: "batman",
   password: "WhySoSerious",
   active: "true"

A parameter like approved: "true" would have been extremely useful here.

1 Like

I looked into this and the best way to create a “pre-activated” (ready to login) user account is to first create a user and activate it just after the user is created.

Here is how to do it via official discourse_api gem:

# create user
user = client.create_user(
  name: "Bruce Wayne",
  email: "",
  username: "batman",
  password: "WhySoSerious"

# activate user

Here is how to do it via cURL request:

# create user
curl -X POST --data "name=dave&username=dave&"

# activate user
curl -X PUT "{USER_ID}/activate.json?api_key=x1y2z3&api_username=xyz"

@techAPJ: This does seem to work, but how can I then programmatically get a link that I can send to the newly created user so they can log right in and, ideally, jump to a specific post? This auto-created user won’t know his/her password and so won’t be able to log in. I assume it isn’t recommended to send them the password in plaintext.

I would make an api call that sends them a password reset email. This way you (1) verify their email, and (2) they get to choose their own password.


The thing I’m trying to accomplish is that they don’t get an email from a system that they don’t know anything about.

My forum is a tool for members of an organization. They know they joined the organization, and they get a manual email from someone else welcoming them.

But they don’t know anything about the forum. I want to create the user programmatically (from their membership data) and make a link that the welcoming committee can send as part of their welcome email. Currently, I create and approve the user, and I’m finding that almost no one understands the email that they get from the system, and they delete it. When we want them to join a conversation at the forum, I have to tell them about it and then manually regenerate the email. This is annoying and preventing smooth onboarding.

If they eventually try to log in from another device, or really do need to reset their password, by then they’re familiar with the software and will jump through the validation steps. But putting up that wall before they’ve gotten one second of benefit from the site is causing most people not to bother.

Since you are manually sending an email from your org could you create a random password using the api and put that password in that email? Then you could encourage them to reset the password after they have started to use the forum.


WordPress does this random password thing, I believe. So the precedent is there.

1 Like

I’m already creating the random password and I could send that info in the manual email. But it still doesn’t enable the workflow I need:

  • If I create the user and don’t also approve her, when she tries to log in using the new credentials, Discourse gives a message that says she must be approved.
  • If I create the user and also approve her, Discourse sends the activation email that I don’t want to send.

And even if I could work around that, I’d still have to send instructions like “Log in using this usr/pwd and then go a certain topic (which you don’t know how to do because you’ve never used this before)”. I’d much prefer to create a link like which would at least log them in and ideally redirect to a topic of my choosing.

At this point, I’m still evangelizing for Discourse in this organization, so the users aren’t coming to me, I’m selling to them. Every extra bit of effort required by these mostly non-technical people is losing me users or, at best, injecting annoyance and tech support emails.

There currently is no “supported” way to do this in Discourse it doesn’t exist.

To get around activating a user without sending an email you have to do some weird hacks like create the user with a fake email, activate, let discourse send the email to the fake account then swap the fake email address with the real one. Or you have to activate and then deactivate the user like mentioned above.

I am coming to accept this, but I’m a little puzzled about why this should be so hard. I know this probably isn’t a common use case for forum user invitation, but it doesn’t seem totally bizarre either.

In this thread, it doesn’t sound like the activate/deactivate approach really works, and anyway activating does NOT send the email, it’s approval that sends the email, which is also a bit confusing.

@ryanwanger: Did you ever solve this problem or find an acceptable workaround? I’m struggling with the same problem.

It’s only because its not a core feature of the actual Discourse web workflow and nobody has spent ANY time on it. It’s on my personal list to work on, just haven’t been able to get to it. PR’s are welcome.

I would love to pitch in but I’m not a Ruby programmer. I’d have to start with hello, world and it’d be quite some time before my commits would be useful. :frowning:

It sounds like it doesn’t send the email if Must approve new users is disabled. But I’m not of the other implications of this. If I disable this, can I still make it so that users can’t create accounts?

1 Like

You can disable signups by enabling invite only, which only allows users to sign up if they have an invite from a staff or community member.


I have this need in 3/4 of the forums I run, the 4th forum uses the more common solution: login via SSO to the site they already know.

In the other 3 orgs, there isn’t an SSO provider I can rely on, so I’m in the same boat here. I think that sending a temp, must be reset password, is an OK solution here.

1 Like