User API key instead of Admin API key?


(James Cobalt) #1

When entering a user API key and the username associated with that key, I get the “You are connected to Discourse!” message. When I go into a Wordpress post, I see the list of Discourse categories I can publish to. However, publishing my post to Discourse only works when I use the Admin key. For security and multi-user purposes, I’d rather use the user API key even if it means some functionality doesn’t work (like SSO). Do I just need to change something somewhere or is this simply not possible?


(Simon Cossar) #2

It should with a non-admin API key if the API key matches the Publishing username. Most of the SSO functionality should also work. Setting things up this way would mean that only the user for whom the API key is set will be able to publish posts. At the moment it’s not possible to add multiple API keys to the plugin.

I’ll look at this some more.


(James Cobalt) #3

I changed it back to the user API but this time I removed all the Discourse publishing names from the Wordpress users. I figured this would reduce or remove any conflict between my user publishing another user’s post on another user’s API key. Same behavior as before though… at first.

I also noticed that the connection message wasn’t consistent. Sometimes it said I am connected, and other times it said “You are not connected to a Discourse forum. Please check your settings”. It went back and forth between that and “connected” as I switched between tabs or reloaded the page. It did this whether or not I was using the Admin API key or User API key, but at least it worked with the Admin key.

After I updated a bunch of WP plugins (including the Discourse plugin), I noticed the message was consistently “connected”. I tried it again with the User key, and now it… returns a 502 error. BUT the posts do publish on Discourse regardless! So maybe that 502 is a server config issue on my part. shrug


(Simon Cossar) #4

I’ve only ever seen that happen when doing development on my local computer - with Discourse in development mode. The plugin is making an API call to Discourse when the options page is refreshed. If the response is bad you’ll get the not-connected notice.

If you’re willing to post all WordPress posts to Discourse under a single Discourse username, what you’re trying to do should be able to work without producing any errors. You’ll have to make sure that the Discourse username is not set on WordPress for any users other than the one whose username/API key you are using. When creating posts, users will see a warning at the top of the page saying that they haven’t set their Discourse username. That notice could be disabled.