How to get a feed from a password protected Discourse?


Hello. I need to display password protected Discourse feed on the external site. How to do that?

Other sites suggest using this structure http://[username]:[password]@[domain]/[path]
But for Discourse it doesn’t work.

By the way, the external site that I want to show the feed is a wordpress page. Discourse is linked to this page with SSO.

Any ideas?

(Robin Ward) #2

I assume you mean RSS feeds.

You can generate an API key for a user account on your site in the admin section. Then you can just append it to any URL like so:

I should note there are security issues with making that api key visible to users. If someone has it, they can do anything that the underlying user account can do. It would be much better to fetch the RSS server side using the key then only exposing the resulting feed.

Also, be especially careful not to generate an “All Users” key for this. If someone gets that key they can do anything as any user on your site. So just be extra careful :smile:


Great answer, eviltrout. Thank you very much :smile:


We are having the issue that the RSS feeds do not work with an api_key if the categories have read restrictions, even if the api_key is valid for a user that should be able to access the category.

Is this a bug or by design?

(Robin Ward) #5

That sounds like a bug to me. The API key should function as the user associated with it. Are you passing the correct username through too?


No, I’m not passing a username, as I am using a key associated with a user.

If I try in an unauthenticated session:

I get the results I expect

If I try

I get no results.

So unless RSS has some special case of how to use API keys, I think it may be a bug

(Arpit Jalan) #7

This was a bug, now fixed via:

(Steve Combs) #8

With the new fix, I am able to view restricted categories in the RSS feed at …

but Latest only shows public topics in the RSS feed

Is this still unresolved or am I missing something? Thanks.