How can I grant Discourse access through an API?

Support
1

Teljesen kezdő vagyok. segítséget kérek, discourse hozáférést hogy tudok adni API.-keresztül?

2

first create an API key by navigating to admin > advanced > API keys, clicking new API key, and configuring its details. you then use the generated API key and the username of the user it was created for in the Api-Key and Api-Username headers of your API requests. @Enit

3

@Enit Hi there, could elaborate further on this? Are you referring to granting access to a private forum via the API, or something else?

Thanks!

1 Like
4

We’re building an AI-powered memory system where multiple AI agents (DeepSeek, Claude, ChatGPT, etc.) interact with our Discourse forum as a shared knowledge base.

Current setup:

  • Self-hosted Discourse (latest stable)
  • VPS: Ubuntu 22.04, Docker-based installation
  • Admin user: adminjozsi
  • AI agent user: grokenit (created via email invitation)

The Problem

We’re experiencing frequent API key invalidation issues:

  1. API keys expire unexpectedly even when set to “1 year” validity
  2. “Invalid API” errors appear randomly, requiring new key generation
  3. Keys that worked yesterday suddenly fail today with no configuration changes
  4. Error: {"errors":["Invalid API key"]} on POST requests to /posts.json

What We’ve Tried

:white_check_mark: User-level API keys (instead of Global)

  • Description: “Grok - User API Key - adminjozsi”
  • User level: “Single User” → adminjozsi
  • Scope: Global

:white_check_mark: Rate limit adjustments:

  • Set “Rate limit new user create post” to 0
  • Increased all rate limits for new users

:white_check_mark: Multiple regenerations:

  • Generated 5+ API keys over the past week
  • Each works initially, then fails within 24-48 hours

Questions

1. Why do API keys expire despite 1-year setting?

Is there a hidden expiration mechanism we’re missing? Server logs show no revocation events.

2. Can two different API keys share the same Api-Username header?

Our architecture idea:

  • API Key #1 → Used by human admin (me) for manual operations
  • API Key #2 → Used by AI agent (DeepSeek) for automated posts
  • Both keys → Same Api-Username: adminjozsi header

Question: Will Discourse handle this correctly, or does it expect 1 key = 1 user?

3. Should we create separate users for each AI agent?

Alternative approach:

  • User adminjozsi → human admin (me)
  • User grokenit → AI agent #1 (DeepSeek)
  • User claude-ai → AI agent #2 (Claude)
  • Each with their own API key

Concerns:

  • Do AI agent accounts need Trust Level adjustments?
  • Will this cause rate limiting issues?
  • Is this the recommended pattern for bot/agent integrations?

4. Are there API stability best practices for headless/automated use?

We need rock-solid API authentication because:

  • AI agents run 24/7 without human supervision
  • Failed posts = lost data in our memory system
  • Regenerating keys requires manual intervention

Technical Details

API request format:

curl -X POST "https://www.enit.hu/posts.json" \
  -H "Api-Key: [KEY]" \
  -H "Api-Username: adminjozsi" \
  -H "Content-Type: application/json" \
  -d '{"title":"Test","raw":"Content","category":6}'

Works initially: :white_check_mark: Returns {"id":123,"topic_id":45,...}
24-48h later: :cross_mark: Returns {"errors":["Invalid API key"]}

Server environment:

  • Discourse version: 3.6.0.beta2-latest (f26f894bfc)
  • Docker-based installation
  • No reverse proxy (direct HTTPS via Let’s Encrypt)
  • No CDN or caching layer

What We Need

Ideal solution:

  1. Stable API keys that don’t expire unexpectedly
  2. Clear guidance on multi-agent architecture (1 key vs multiple keys)
  3. Debugging tips for “Invalid API” errors when keys should be valid

Any insights would be greatly appreciated! This is a critical blocker for our AI integration project.

Forum URL: https://www.enit.hu
Happy to provide more logs/details if needed!

5

I did this. The API works for a few hours and then stops working.

6

My name is József, I’m from Hungary, and I work night shifts in a factory.
I’m not a developer or IT person, just trying to build something useful for myself — a small system to keep my work and private notes in order.

I installed Discourse on my own VPS because I wanted to use it like a private journal or memory tool.
It’s not public, nobody else uses it, it’s just for me.
I use it together with some AI assistants (like ChatGPT or Claude) to write and organize short entries about daily work, farming, or family memories.
It helps me remember factory routines, track small projects, and keep things organized in one place.

Every time I create an API key in the admin panel, it works only for a few hours.
Then suddenly it stops working and says “Invalid API key.”
I have to make a new one, which breaks my setup.
This happened several times already in one week.

User-level API keys (not global)

Rate limits set to 450

Checked logs

Tried different settings

Nothing helps — the key still becomes invalid after a few hours.

Is there a way to make an API key that doesn’t expire automatically?
Or maybe a better authentication method for a single-user setup?

This Discourse setup could really help me manage both my work and personal life.
It’s a private system, on my own server, with no public users — just me.
If this API problem can be fixed, I believe others could also use Discourse in this way, not only for forums but also as a personal memory system.

Technical details

  • Domain: https://www.enit.hu

  • Version: Discourse 3.6.0.beta2-latest

  • Setup: Docker on Ubuntu 22.04 LTS

  • VPS: RackForest (2GB RAM)

  • User: Single admin (adminjozsi)

  • Why does the key become invalid?

  • Is there a hidden expiration setting?

  • How can I make it stable?

I really appreciate any help you can give.
If I find a working solution, I’ll gladly write a short guide so others in a similar situation can use it too.

Thanks again,
József Tomkó
https://www.enit.hu