Search API - Key Permissions

Hi There,

I am building an external tool that interacts with the API for our Discourse server. I am trying to hit the following endpoint via the API:


If I create an API key that has ALL permissions, the search query works fine. However, I need to share this API key with developers who don’t have admin access to Discourse and it seems like a bad practice to have an API key with this power floating around.

I see on the screen where you create the API keys there is a way to limit the scopes that the key has. However, I don’t see any of those scopes referencing the search endpoint above within their scope.

How can I create an API key that has enough permissions to perform a search call but doesn’t have ALL permissions enabled?