Is there any documentation on the User/Mobile API?

I was looking at the Discourse Mobile app source code and noticed it using the user API keys, and calling /user-api-key/new but I don’t see any reference to that in the Discourse API documentation. Are the routes documented anywhere beyond the source code?

And, how do users from SSO get their own API key? Most documentation that I find mention getting the API key from the admin panel, but that won’t work for me. I’d like to get a list of notifications from here, on meta, and other instances of discourse where I’m just a user. Similar to what the mobile app does already, but I’d like to use the information in a different context.

The HEAD /user-api-key/new request you are seeing is not creating anything, it’s mostly to check the site exists and it has the correct auth API version.

As you can see if it’s a HEAD request we are returning early: https://github.com/discourse/discourse/blob/master/app/controllers/user_api_keys_controller.rb#L13

On the mobile app auth is done with an authToken coming back from the site popup when you tap on authorize see: https://github.com/discourse/DiscourseMobile/blob/master/js/site_manager.js#L437

Concerning the notifications, the documentation is here: http://docs.discourse.org/#tag/Notifications%2Fpaths%2F~1notifications.json%2Fget (I do agree it’s probably incomplete, you might want to grep DiscourseMobile code for “/notifications”)

Current docs are at User API keys specification