Hi everyone!
We have decided to use Discourse as our main forum interface with Discourse SSO as login/signup.
The SSO features (details sync, …) are implemented and working (mentioning this just for bit of background).
In order to comply with GDPR I’m trying to implement user anonymization using API call from our backend (as detailed here: Discourse API Docs ).
Unfortunately the endpoint responses with:
{ ...
statusCode: 403,
error: '{"errors":["You are not permitted to view the requested resource."],"error_type":"invalid_access"}',
... }
The API call looks like:
await request.put({
url: `${discourseApiUrl}/admin/users/${discourseUserId}/anonymize.json`,
headers: {
'Api-Key': "API KEY",
'Api-Username': "system"
},
});
The discourseUserId is obtained from the admin/users/list/all.json?email=<email> endpoint and that call works without any problems (using the same API key and username).
I’w tried calling the endpoint from Postman as well with the same result (“invalid_access”).
I will greatly appreciate any pointer on what I’m missing or suggestion how to resolve this.