Generating User Api Keys with REST API

(Umer Mirza) #1

I am trying to generate User api keys. I know I can do it from admin dashboard. But instead of there I want to generate by making REST calls. I am following this post User API keys specification
I am getting error “THIS PAGE IS PRIVATE OR DOES NOT EXISTS” when I try to make a GET request to this

Can someone please show me how my url should look like with the paramters. I am also confused what exactly is client_id here? Is it the id of the user whose api needs to created or is the username? Also can I use any url as redirect_url? For the record I have added this redirect url in my admin settings.

(Kunal Kamble) #2

I am also looking for same solution, can anyone help in this?

(Joffrey Jaffeux) #3


to generate an api key for a user:

curl -X "POST" "http://localhost:4000/admin/users/1/generate_api_key?api_key=10efbf2c9a84dfb3b6f60ffa117c029bda7fc9fb8f861ccd0dc8e8fbfa86968d&api_username=joffreyjaffeux"

Learn more about it:

(Dave Jensen) #4

@joffreyjaffeux That’s not the same “API” that @Umer_Mirza was asking about. I put “API” in quote because it may not exist?

The User API keys specification RFC talks about the use case of allowing users themselves the ability to request and API key so that a third party developed app may perform actions on their behalf. You would never want to give a third party your site API key because they would have full access.

I would ask this question in User API keys specification but that topic is closed. Does the API that @sam proposed in that post actually exist or not?

(Sam Saffron) #5

Yes user api keys exists and are consumed by the mobile app, look at the source code of the mobile app for exact specifications for now.

I would love to have this better documented so if you want to take that project on :heart:

(Dave Jensen) #7

Awesome, thanks for the quick response.

Well, maybe I can get something started for documentation. I have to do something on this front anyway so I can post what I come up with here.

(Joffrey Jaffeux) #8

This is the endpoint sam is talking about I think:

(Dave Jensen) #9

Thanks @joffreyjaffeux. I was drafting a similar message but I only had the code from the mobile app. These other code snippets are very useful.

When I tried this API against my own server using Postman, I kept getting a 400 error with no details. My Ruby is a little rusty but I’ll dig into the code more but if you happen to know why a 400 might happen that would be helpful.

(Dave Jensen) #10

I just tried adding my site to the official Discourse app, and it worked so I must be doing something wrong with regard to using the API in Postman.

Aside: I thought the app only worked for officially hosted Discourse sites. :man_shrugging:

(sajattack) #11

I’m getting error code 400 when I visit

(sajattack) #12

Can I get some assistance on this @sam?

(Jeff Atwood) #13

Did you want to purchase a hosting contract with us?

(sajattack) #14

No, but if you can point me in the right direction I’d be happy to document it for others.