Discourse API Documentation

Just noticed the deprecation warning:

  • We detected an API request using a deprecated authentication method. Please update it to use header based auth.

Anybody know when it is going to be removed completely? (i.e how long have we got before we need to update?)

Great to see there’s a Discourse api gem btw! Should make things a lot easier :smiley:

2 Likes

We don’t have a specific timeline set for this. At minimum a month or two, could be longer.

Thanks for bringing this up. We are considering some options to keep support for private rss and such in some way.

7 Likes

After having lost half a day chasing the rabbit :slight_smile: I want to share one subtle change that goes on top to moving api_key and api_username into the header of the request.

Parameters names in the request payload (deprecated)

api_username, with an underscore
api_key, with an underscore

Parameters names when used in the Header

Api-Username, with hyphen (or dash)
Api-Key, with a hyphen (or dash)

For me this was almost impossible to see, and I banged my head against the wall countless times fighting 403 [BAD CRF] error before spotting that we moved from underscore to dashes.

You out there don’t laugh at me :stuck_out_tongue:

9 Likes

Never! :rofl: Many of us have had similar “experiences.” :innocent:

4 Likes

Would it be possible to add a private access key similar to how reddit’s private feeds work? That would be the simplest solution I would think.

1 Like

Does the HTTP header based authentication has strictly the same behavior? I remember when the HTTP headers were available I tried them and I got weird behaviors where sometimes it did not work as expected. I know it’s vague, but I had no time to investigate back then. I’m just worried that since we are forced to update all our code, new issues will arise suddenly.

1 Like

Yes. Nothing else should change behavior wise. Just need to move the location of the api credentials.

Maybe you are thinking of the User API keys specification? Which is different than just using the full api.

2 Likes

Thanks for pointing this out, though, it wasn’t enough to entirely prevent my head-banging. Apparently remembering this and enacting it are two different things. :wink:

1 Like