Discourse API Documentation

To follow up on this for anyone who finds their way here, we managed to solve our problem by programmatically generating User API keys via undocumented behaviour in the User API keys controller

By default, user interaction is required to generate a User API key - however, you can generate a User API Key on the users behalf by using an admin API Key for that user. By making a request to https://sitename.com/user-api-key/new authenticated as a user, i.e. with an api_key and api_username included in the POST data, and by not including an auth_redirect value, the API will respond with the generated key, rather than requiring user interaction to authenticate the application requesting the User API key.

This may not be entirely clear and is quite convoluted so if you’re interested in finding out more, just message me.

We have a python implementation (Django) as an example of how this can be done.

7 Likes

Can you send me details please.

3 Likes

Dear all,
for my forum I wrote a set of bots that are reading/creating/updating posts potentially every minute, sometimes even faster.
When I submit too many requests in a short timespan, I get a 429 by the system, that asks me to slow down.

That is fantastic for preventing abuse from generic/anonymous users, but as I am the admin, I am using an admin level access key and besides I know what I’m doing :stuck_out_tongue: I’d like to know whether there’s a way to disable or to tune the minimum time between API requests for specific API keys.

1 Like

The rate limits are configured through global settings in your site’s app.yml file. Have a look at the “How do I amend these limits?” section of this topic for details about changing them for specific types of API keys: Global rate limits and throttling in Discourse.

5 Likes

10 posts were split to a new topic: Creating notifications via the API

how can i use
return this.http.get(‘https://.trydiscourse.com/categories.json’,

//  { 'Api-Key': '123456789', 'Api-Username': 'system'});

Like I say, our implementation is in Python, using the requests framework, and looks something like this:

response = requests.request(
    "GET",
    url,
    headers={
        "Api-Key": self.api_key,
        "Api-Username": self.api_username,
    }
)

The key to getting this working is of course generating the API key correctly