/posts.json API endpoint doesn't list more than 4 posts

I think this is a recent bug that popped up. My client uses the Discourse as a service hosted by the lovely Discourse folks. We use the /posts.json API endpoint to list the 5 most recent posts from the forum on the website (https://forum.bonsaimirai.com/posts.json). We make this request server-side using curl.

Recently, we noticed that we were only ever seeing 3 or 4 of the most recent posts on our site. It looks like when the request is made without an API key, we end up seeing this very short list of recent posts. But when we use the API key with an API username, we see a greater number of posts.

We want the /posts.json endpoint to behave as it used to. We should be able to get whatever number of previous posts it used to deliver. If we use the API key + username, we end up retrieving posts that we don’t want to show to all users (from categories with user tier / group restrictions).

Are there new parameters available for the posts.json request that we can use to specify the desired number of results? Is this a bug that’s unique to whatever version of Discourse is being used for the hosted service? I notice that meta.discourse.org doesn’t exhibit this problem.

That implies you may have special security that keeps some of the posts from being visible to anonymous users?

1 Like

@codinghorror I think I just realized why this is happening. We do have a category on our forum that is restricted to a special group of paying users on our main site. Anonymous / “normal” logged in users can’t access this category.

I’m going to guess that if a single topic in that special category contains some large number of the most recent posts to the site, then they’re simply omitted from the posts.json endpoint for anonymous users. And thus, we exceed whatever the behind-the-scenes limit is for that endpoint. So we end up getting the truncated list that I’m seeing in this specific moment in time when requesting that feed anonymously.

Am I on to something here?

This is probably an edge case. But does it make sense to make a feature request for that endpoint so that it always returns the X number of most recent posts, relevant to whatever level of permissions the request is being made from?


That feature already exists, include the API key of a user with the desired permissions.


Thanks @codinghorror.

This is exactly what I’ve done. I make a request for the /posts.json using my API key with a “dummy” user possessing the desired permissions since not all members of our website have created accounts on the forum yet.

Everything is working as expected.