Creating Active Users via the API gem

WordPress does this random password thing, I believe. So the precedent is there.

1 Like

I’m already creating the random password and I could send that info in the manual email. But it still doesn’t enable the workflow I need:

  • If I create the user and don’t also approve her, when she tries to log in using the new credentials, Discourse gives a message that says she must be approved.
  • If I create the user and also approve her, Discourse sends the activation email that I don’t want to send.

And even if I could work around that, I’d still have to send instructions like “Log in using this usr/pwd and then go a certain topic (which you don’t know how to do because you’ve never used this before)”. I’d much prefer to create a link like which would at least log them in and ideally redirect to a topic of my choosing.

At this point, I’m still evangelizing for Discourse in this organization, so the users aren’t coming to me, I’m selling to them. Every extra bit of effort required by these mostly non-technical people is losing me users or, at best, injecting annoyance and tech support emails.

There currently is no “supported” way to do this in Discourse it doesn’t exist.

To get around activating a user without sending an email you have to do some weird hacks like create the user with a fake email, activate, let discourse send the email to the fake account then swap the fake email address with the real one. Or you have to activate and then deactivate the user like mentioned above.

I am coming to accept this, but I’m a little puzzled about why this should be so hard. I know this probably isn’t a common use case for forum user invitation, but it doesn’t seem totally bizarre either.

In this thread, it doesn’t sound like the activate/deactivate approach really works, and anyway activating does NOT send the email, it’s approval that sends the email, which is also a bit confusing.

@ryanwanger: Did you ever solve this problem or find an acceptable workaround? I’m struggling with the same problem.

It’s only because its not a core feature of the actual Discourse web workflow and nobody has spent ANY time on it. It’s on my personal list to work on, just haven’t been able to get to it. PR’s are welcome.

I would love to pitch in but I’m not a Ruby programmer. I’d have to start with hello, world and it’d be quite some time before my commits would be useful. :frowning:

It sounds like it doesn’t send the email if Must approve new users is disabled. But I’m not of the other implications of this. If I disable this, can I still make it so that users can’t create accounts?

1 Like

You can disable signups by enabling invite only, which only allows users to sign up if they have an invite from a staff or community member.


I have this need in 3/4 of the forums I run, the 4th forum uses the more common solution: login via SSO to the site they already know.

In the other 3 orgs, there isn’t an SSO provider I can rely on, so I’m in the same boat here. I think that sending a temp, must be reset password, is an OK solution here.

1 Like

I am struggling with same issue!

When creating a user with API, a confirmation email is sent which I want to prevent. The account is activated with the API already. Not only the email becomes redundant - the activation link is not even working. That confuses the user.

Would be great to get an option to disable activation email for API user registration!


Were you able to find a solution to this issue? I am also running into the same issue.

1 Like

To create an active user you will need to make two api calls. The first to create the user and the second to activate them.


When I create the user using the create user API it sends out an email to the user to activate the account. Ideally I don’t want the system to do it as I will be activating the user with the activateuser api call. They one solution that I can find is to create the user, deactivate the user and then activate the user again so that the system wont send an email to the user.

I believe this is now possible as have just tested it and seems to work ok -

"name": "string",
"email": "string",
"password": "string",
"username": "string",
"active": true,
"approved": true,

I used the active = true and approved = true when creating a new user and got the response (with no email sent) -

        "success": true,
        "active": true,
        "message": "Your account is activated and ready to use.",
        "user_id": 2

where as if I set them to false - I get the email and a response

    "success": true,
    "active": false,
    "message": "<p>You’re almost done! We sent an activation mail to <b></b>. Please follow the instructions in the mail to activate your account.</p><p>If it doesn’t arrive, check your spam folder.</p>",
    "user_id": 3
1 Like

Hmm. When I did this last week, I did the deactive, then activate thing. Adding “approved=true” is a good idea. I’m not sure that it matters unless the site requires approval, but I don’t see how it could hurt.

Here’s my solution:

1 Like

I sent active and approved and emailed_confirmed as true just in case, got back “Your account is activated and ready to use” in the response but when I tried to login as that user it said “You can’t log in yet. We previously sent an activation email to you…”

The email_confirmed is what needs to be set but is not accepted via the API. Seems like a second activation call is the current way to do it.

1 Like

Do we still need to deactivate and activate to create active user withought sending confirmation email?

And through the admin panel, i am caninstall so that users are immediately created active?

What method to use for activation user in my plugin?

#in code my plugin
so, what is next?

upd: user.approved

This has been resolved with this commit:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.