Search API - Key Permissions

Matt_Jasaitis · May 16, 2022, 6:39pm

Hi There,

I am building an external tool that interacts with the API for our Discourse server. I am trying to hit the following endpoint via the API:

	https://<server_url>/search.json?q=<query>

If I create an API key that has ALL permissions, the search query works fine. However, I need to share this API key with developers who don’t have admin access to Discourse and it seems like a bad practice to have an API key with this power floating around.

I see on the screen where you create the API keys there is a way to limit the scopes that the key has. However, I don’t see any of those scopes referencing the search endpoint above within their scope.

How can I create an API key that has enough permissions to perform a search call but doesn’t have ALL permissions enabled?

leonardo · January 24, 2023, 4:38pm

Hi Matt!

I realize it’s been a while, but we have just added new granular scopes for these endpoints:

/search.json?q=term (search → show)
/search/query?term=term (search → query)

Topic		Replies	Views
Use scoped API Keys admins rest-api , how-to	6	2036	September 26, 2020
Get an API key's scopes and user level via the API dev rest-api	0	317	November 16, 2023
Allow API use by regular users, not just admins dev rest-api	7	829	April 29, 2023
Create and configure an API key admins rest-api , how-to	2	21565	October 23, 2023
API Scope for pulling data explorer queries feature data-explorer , rest-api , completed	3	636	March 4, 2022

Search API - Key Permissions

Related Topics