How to get a feed from a password protected Discourse?


#1

Hello. I need to display password protected Discourse feed on the external site. How to do that?

Other sites suggest using this structure http://[username]:[password]@[domain]/[path]
But for Discourse it doesn’t work.

By the way, the external site that I want to show the feed is a wordpress page. Discourse is linked to this page with SSO.

Any ideas?


(Robin Ward) #2

I assume you mean RSS feeds.

You can generate an API key for a user account on your site in the admin section. Then you can just append it to any URL like so:

http://meta.discourse.org/latest.rss?api_key=KEYHERE

I should note there are security issues with making that api key visible to users. If someone has it, they can do anything that the underlying user account can do. It would be much better to fetch the RSS server side using the key then only exposing the resulting feed.

Also, be especially careful not to generate an “All Users” key for this. If someone gets that key they can do anything as any user on your site. So just be extra careful :smile:


#3

Great answer, eviltrout. Thank you very much :smile:


#4

We are having the issue that the RSS feeds do not work with an api_key if the categories have read restrictions, even if the api_key is valid for a user that should be able to access the category.

Is this a bug or by design?


(Robin Ward) #5

That sounds like a bug to me. The API key should function as the user associated with it. Are you passing the correct username through too?


#6

No, I’m not passing a username, as I am using a key associated with a user.

If I try in an unauthenticated session:

http://myserver.example.com/latest.json?api_key=my_api_key

I get the results I expect

If I try

http://myserver.example.com/latest.rss?api_key=my_api_key

I get no results.

So unless RSS has some special case of how to use API keys, I think it may be a bug


(Arpit Jalan) #7

This was a bug, now fixed via:


WP Discourse Widgets plugin for WordPress
WP Discourse Widgets plugin for WordPress
(Steve Combs) #8

With the new fix, I am able to view restricted categories in the RSS feed at …

http://myserver.example.com/c/my_category.rss?api_key=my_api_key

but Latest only shows public topics in the RSS feed

http://myserver.example.com/latest.rss?api_key=my_api_key

Is this still unresolved or am I missing something? Thanks.