What scopes exactly does the Wordpress API key need?

I would prefer to not give a global API key to the wordpress plugin. I don’t want a compromise in the wordpress site to result in user accounts deleted (or edited, or logged out). However, limiting the scopes by guesswork seems to give weird results (like it can’t load subcategories).

What scopes does this actually need to work?


With the Wordpress pre-dating the Admin API scopes by several years I doubt it can work with it.

It’s an interesting feature request.

I would really appreciate it. The global API key can do a lot of things, and we’re using our Discourse instance for more than just the blog comments, so it’d be nice to keep it scoped to just what it needs.

Is such a feature request better in this category, or in features?

I’ve been thinking the same thing! (I currently maintain the plugin). This is the right category to raise it.

I’ll discuss it with @simon and get back to you.