Search API - Key Permissions

Matt_Jasaitis · May 16, 2022, 6:39pm

Hi There,

I am building an external tool that interacts with the API for our Discourse server. I am trying to hit the following endpoint via the API:

	https://<server_url>/search.json?q=<query>

If I create an API key that has ALL permissions, the search query works fine. However, I need to share this API key with developers who don’t have admin access to Discourse and it seems like a bad practice to have an API key with this power floating around.

I see on the screen where you create the API keys there is a way to limit the scopes that the key has. However, I don’t see any of those scopes referencing the search endpoint above within their scope.

How can I create an API key that has enough permissions to perform a search call but doesn’t have ALL permissions enabled?

leonardo · January 24, 2023, 4:38pm

Hi Matt!

I realize it’s been a while, but we have just added new granular scopes for these endpoints:

/search.json?q=term (search → show)
/search/query?term=term (search → query)

Topic		Replies	Views
Use scoped API Keys Integrations rest-api , how-to	6	2306	September 26, 2020
Get an API key's scopes and user level via the API Dev rest-api	0	487	November 16, 2023
Allow API use by regular users, not just admins Dev rest-api	7	1034	April 29, 2023
Cant create new users Support rest-api	2	27	October 4, 2024
Create and configure an API key Integrations rest-api , how-to	6	28355	May 10, 2024

Search API - Key Permissions

Related topics