Http trace for a post

I’m looking on how to do a HTTP POST to create a reply message to an existing topic.

The docs here say that for a HTTP POST

curl -X POST "Content-Type: multipart/form-data;" -F "api_key=714552c6148e1617aeab526d0606184b94a80ec048fc09894ff1a72b740c5f19" -F "api_username=discourse1" -F "name=89853c20-4409-e91a-a8ea-f6cdff96aaaa" -F "color=49d9e9" -F "text_color=f0fcfd" ""

I presume that the body of the post contains form data.

but then the example for POST shows it instead as JSON

"title": "string",
"topic_id": 0,
"raw": "string",
"category": 0,
"target_usernames": "discourse1,discourse2",
"archetype": "private_message",
"created_at": "2017-01-31"

Also the api target for a post seems to be /posts but other sites says it’s /posts.json

So, is there an example that shows this unambiguously in the documentation preferably as a HTTP trace.


Well, I tried posting the data as JSON and encountered this error:

{"action":"create_post","errors":["Body is too short (minimum is 20 characters)"]}

though the value for raw (message text) is over 20 characters so this is not enlightening.

Well, I then got a bad CSRF error …

but that post told me that I also need to include the api_key and api_name in the URL!

POST /posts.json?api_key=..very.long.api.key&api_username=thatsme HTTP/1.0
Accept: */*
Accept-Charset: utf-8
User-Agent: REBOL
Content-Type: application/json
Content-Length: 234

{"title":"Bot Test","topic_id":36,"raw":"this is an api test that I am trying to see if I can make a post and it needs to be 20 characters","category":8,"name":"Graham","color":"49d9e9","text_color":"f0fcfd","created_at":"2017-05-19"}

And this works.

Sorry for any confusion in the docs. Yes it is showing the example body as JSON mostly just for readability but yes you can create the request as form-data

They are ambiguous, are the same endpoint and will accept the exact same POST body. If the default happens to return JSON then I usually just leave off the .json. Some endpoints that don’t have the extension will return html instead.

That would work, but it actually said:

so you can put the api_key and api_username in the POST body not in the header.

Here is an example curl command for creating a post on a topic:

curl -X POST \
"http://localhost:3000/posts" \
-H "Content-Type: multipart/form-data;" \
-F "api_key=f10bc7457666b1b3b18e7a85e73b975e7010ed3b049e6092199dfc3c4f99763c" \
-F "api_username=system" \
-F "topic_id=12" \
-F "raw=102c406c-54eb-450e-aba4-1ea0a4d0d328 102c406c-54eb-450e-aba4-1ea0a4d0d328 102c406c-54eb-450e-aba4-1ea0a4d0d328"

That would work, but it actually said:

Bad csrf token when making api request
api_key and api_username are POST parameters, not headers.
so you can put the api_key and api_username in the POST body not in the header.

I must have linked to the wrong post. The one I read said that credentials could not be gleaned from the JSON payload, and you had to also include the api_key and api_username in the query string when using the .json endpoint. And it was only then that I managed to get a HTTP POST working for my bot.

Since it’s working that way I’m going to leave it like that for the moment though I should probably switch to using HTTPS.

1 Like

I dunno if anyone else is interested but I was posting all of the commit logs of our builds from github, and then linking to the deployed binaries on S3 from travis-ci to a single topic so that we can easily track them together.