I was looking at the Discourse Mobile app source code and noticed it using the user API keys, and calling
/user-api-key/new but I don’t see any reference to that in the Discourse API documentation. Are the routes documented anywhere beyond the source code?
And, how do users from SSO get their own API key? Most documentation that I find mention getting the API key from the admin panel, but that won’t work for me. I’d like to get a list of notifications from here, on meta, and other instances of discourse where I’m just a user. Similar to what the mobile app does already, but I’d like to use the information in a different context.
HEAD /user-api-key/new request you are seeing is not creating anything, it’s mostly to check the site exists and it has the correct auth API version.
As you can see if it’s a HEAD request we are returning early: https://github.com/discourse/discourse/blob/master/app/controllers/user_api_keys_controller.rb#L13
On the mobile app auth is done with an
authToken coming back from the site popup when you tap on
authorize see: https://github.com/discourse/DiscourseMobile/blob/master/js/site_manager.js#L437
Concerning the notifications, the documentation is here: http://docs.discourse.org/#tag/Notifications%2Fpaths%2F~1notifications.json%2Fget (I do agree it’s probably incomplete, you might want to grep DiscourseMobile code for “/notifications”)