By looking at the URL generated by the Discourse Android app, I’ve uncovered the fields required for
/user-api-key/new
- scopes - these are the permissions of the api key, in the case of the official app, to read notifications and to read session info
- client-id - hex string, dunno
- nonce - another hex string, used as a cryptographic nonce
- auth_redirect - url to redirect to after permission is given
- application_name - the name to display to the user of the application using the api
- public_key - a public RSA key
Still a few questions:
- What are all the valid values for scopes?
- Where does the client-id come from?
- Are all api responses encrypted with the public key or what is its purpose?
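To review what an app asks for when it sends a user to this endpoint, the request URL can be split into the fields listed in the post and checked. This is an added example, not part of the original post or Discourse's own code; the function name `parse_key_request`, the host `forum.example`, every sample value, the comma-separated scope list and the PEM key encoding are assumptions.

```python
import string
from urllib.parse import urlsplit, parse_qs, urlencode

# Field names from the list in the post; "-" and "_" are treated alike (assumption).
REQUIRED = ("scopes", "client_id", "nonce", "auth_redirect",
            "application_name", "public_key")

def is_hex(value):
    return bool(value) and all(c in string.hexdigits for c in value)

def parse_key_request(url):
    """Return (fields, findings) for a /user-api-key/new URL."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != "/user-api-key/new":
        raise ValueError("not a /user-api-key/new URL")
    fields, findings = {}, []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        key = name.replace("-", "_")
        if key in fields or len(values) > 1:
            findings.append(f"repeated parameter: {key}")
        fields[key] = values[-1]
    findings += [f"missing field: {n}" for n in REQUIRED if not fields.get(n)]
    # Assumption: several scopes are sent as one comma-separated value.
    fields["scopes"] = [s for s in fields.get("scopes", "").split(",") if s]
    for name in ("client_id", "nonce"):
        if fields.get(name) and not is_hex(fields[name]):
            findings.append(f"{name} is not a hex string")
    redirect = fields.get("auth_redirect", "")
    if redirect and urlsplit(redirect).scheme == "http":
        findings.append("auth_redirect uses plain http")
    pem = fields.get("public_key", "")
    if "PRIVATE KEY" in pem:
        findings.append("public_key contains private key material")
    elif pem and "PUBLIC KEY-----" not in pem:  # assumption: PEM encoding
        findings.append("public_key is not PEM")
    return fields, findings

# Constructed sample request; every value below is made up.
SAMPLE_URL = "https://forum.example/user-api-key/new?" + urlencode({
    "scopes": "notifications,session_info",
    "client-id": "9f2c4e1a7b3d5860",
    "nonce": "a1b2c3d4e5f60718",
    "auth_redirect": "exampleapp://auth_redirect",
    "application_name": "Example App",
    "public_key": "-----BEGIN PUBLIC KEY-----\nMIIB(constructed)\n-----END PUBLIC KEY-----\n",
})

if __name__ == "__main__":
    fields, findings = parse_key_request(SAMPLE_URL)
    print(fields["scopes"], fields["auth_redirect"], findings)
```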