Issue with Edgeryders form

@daniel Thanks - unfortunately I’m getting the same 403 and I’m not sure why…

Screenshot 2020-07-27 at 19.44.49

The payload looks like this:

{"title":"Rethinking retirement - response by owen","raw":"test_post 1","category":250,"topic_id":19987}

topic_id is there, so I don’t believe this is the issue.

curl 'https://edgeryders.eu/posts.json' \
  -H 'Connection: keep-alive' \
  -H 'Api-Key: 0e82...' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36' \
  -H 'Content-Type: application/json' \
  -H 'Accept: */*' \
  -H 'Origin: https://webkitsandbox.netlify.app' \
  -H 'Sec-Fetch-Site: cross-site' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Referer: https://edgeryders.eu/' \
  -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
  --data-binary '{"title":"Rethinking retirement - response by owen","raw":"test_post 1","category":250,"topic_id":19987}' \
  --compressed

test_post 1

It needs to be a post request like curl -X POST - then it shall work.

fetch("https://edgeryders.eu/posts.json", {
    method: 'post',
    headers: { 'Api-Key': apiKey, 'Content-Type': 'application/json' },
    body: getPayload()
  })

this is the javascript equivalent of curl -X POST… unless I’m missing something?

the same function was working back in November… but I can try it with a different http request.

Hmm, your curl request worked for me when it was sent as a post request and the topic-id adapted to this topic (13926). Your API key is also active. Let me know the error if it’s not working.

It’s the same 403 forbidden error :frowning:

after reading some discussions I understand that the topic_id parameter is optional, for adding a post to an existing topic. if not present, it should create a new topic - this was how the form was intended to work (see an example response here)

Regardless when including topic_id or only the category_id to post in, both return the 403 error.

The body payload is like this:

var payload = {
      title: 'Rethinking retirement - response by owen',
      raw: 'test_post 1',
      category: 237
    };

So it should post a new topic in category 237 (campfire).

@gdpelican may be able clarify how this should work, if available.


Update - in this example, different header parameters are used:

curl -X POST "https://my.discourse.com/posts" \
-H "Content-Type: multipart/form-data;" \
-F "api_key=theGeneratedAPIKeyForanAdmin" \
-F "api_username=anAdmin" \
-F "title=This is an API created topic" \
-F "raw=This is the end of the world as we know it, and I feel fine."

The two parameters api_key and api_username are not in the header of the form’s call, only Api-Key - so I will test with these two.

Found this Discourse REST API Documentation - developers - Discourse Meta - all non-HTTP header based authentication was dropped. So the right way to do it is to supply the API-Key in the header. Does a curl request work for you - or do you always get 403 errors?

curl 'https://edgeryders.eu/posts.json' \
  -H 'Connection: keep-alive' \
  -H 'Api-Key: 111977..' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36' \
  -H 'Content-Type: application/json' \
  -H 'Accept: */*' \
  -H 'Origin: https://webkitsandbox.netlify.app' \
  -H 'Sec-Fetch-Site: cross-site' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Referer: https://edgeryders.eu/' \
  -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
  --data-binary '{"title":"Rethinking retirement - response by owen","raw":"test_post 1","topic_id":13926}' \
  --compressed

I just tried it and get the following error:

{"errors":["You are not permitted to view the requested resource."],"error_type":"invalid_access"}%     

test_post 1

It needs to be a post request curl -X POST ... then it should work.

Same issue:

Now when I use a user created by means of the API I also get this error. No idea why - as creating posts shall be allowed based on the access rights. I’ll look into it.

1 Like

ok - thanks @Daniel

test_post 1

test_post 1

test_post 1

test_post 1

@owen Now it should finally work. There was a bug in Discourse which we fixed some time ago but now Discourse fixed it as well in the new release and we had to fix our bugfix. :smiley:

2 Likes

Great, thanks so much @daniel !

@Daniel It looks like I’m still getting the 403 with the form and this with the curl command:

{"errors":["You are not permitted to view the requested resource."],"error_type":"invalid_access"}%                                                                                    owen@Owens-MBP form % 

Could you direct message me the command you used to see if it’s an error on my end?