Echoing to this topic : How to allow users to get their API Key - #4 by Matthieu_Rioual , I decided to make my application only for admin who can create an API Key easily through the /admin panel. The application is working when but there is a problem i must solve : the API key has to have the global key access (it means reading and writing) to access the endpoint /notifications.json?username=theusername. On the API creation panel i can see there is a scope “show” that allow access to endpoint “/users/:username/notifications”. But when i try to use the scoped key with postman to this URL i receive HTML code. Same for “/users/:username/notifications.json” that will send me informations about the user but not about notifications. Plus, i don’t have the access to /notifications.json?username=… only with this scope. I conclude that the global key is the only solution to get the notifications right ? Thanks for your help
I can’t reproduce this.
Got an Admin API key like this:
and the following cURL request work fine:
➜ ~ curl 'https://meta.discourse.org/u/falco/notifications.json' \ -H "Api-Key: whyisthisapikeysolonglol"
Thanks again for your response Falco, like i told this url effectively sent me a response but it’s not concerning the notifications but the user informations like can witness this image:
That is indeed true!
Looks like the route
/u/:username/notifications is just a browser route, and the Ember app will just use the standard
/notifications.json route to grab the actual data. And that route isn’t on the list of possible scopes of admin API keys at the moment.
So it’s either User API Key or scope-less Admin API key for notifications currently.
Thanks that’s all i needed for information. Greetings