Hmm, your curl request worked for me when it was sent as a post request and the topic-id adapted to this topic (13926). Your API key is also active. Let me know the error if it’s not working.
It’s the same 403 forbidden error 
after reading some discussions I understand that the topic_id parameter is optional, for adding a post to an existing topic. if not present, it should create a new topic - this was how the form was intended to work (see an example response here)
Regardless when including topic_id or only the category_id to post in, both return the 403 error.
The body payload is like this:
var payload = {
title: 'Rethinking retirement - response by owen',
raw: 'test_post 1',
category: 237
};
So it should post a new topic in category 237 (campfire).
@gdpelican may be able clarify how this should work, if available.
Update - in this example, different header parameters are used:
curl -X POST "https://my.discourse.com/posts" \
-H "Content-Type: multipart/form-data;" \
-F "api_key=theGeneratedAPIKeyForanAdmin" \
-F "api_username=anAdmin" \
-F "title=This is an API created topic" \
-F "raw=This is the end of the world as we know it, and I feel fine."
The two parameters api_key and api_username are not in the header of the form’s call, only Api-Key - so I will test with these two.
Found this Discourse REST API Documentation - developers - Discourse Meta - all non-HTTP header based authentication was dropped. So the right way to do it is to supply the API-Key in the header. Does a curl request work for you - or do you always get 403 errors?
curl 'https://edgeryders.eu/posts.json' \
-H 'Connection: keep-alive' \
-H 'Api-Key: 111977..' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36' \
-H 'Content-Type: application/json' \
-H 'Accept: */*' \
-H 'Origin: https://webkitsandbox.netlify.app' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Referer: https://edgeryders.eu/' \
-H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
--data-binary '{"title":"Rethinking retirement - response by owen","raw":"test_post 1","topic_id":13926}' \
--compressed
I just tried it and get the following error:
{"errors":["You are not permitted to view the requested resource."],"error_type":"invalid_access"}%
test_post 1
It needs to be a post request curl -X POST ... then it should work.
Now when I use a user created by means of the API I also get this error. No idea why - as creating posts shall be allowed based on the access rights. I’ll look into it.
1 Like
test_post 1
test_post 1
test_post 1
test_post 1
@owen Now it should finally work. There was a bug in Discourse which we fixed some time ago but now Discourse fixed it as well in the new release and we had to fix our bugfix. 
2 Likes
@Daniel It looks like I’m still getting the 403 with the form and this with the curl command:
{"errors":["You are not permitted to view the requested resource."],"error_type":"invalid_access"}% owen@Owens-MBP form %
Could you direct message me the command you used to see if it’s an error on my end?
curl -X POST 'https://edgeryders.eu/posts.json' \
-H 'Api-Key: decb...' \
-H 'Content-Type: application/json' \
-H 'Accept: */*' \
--data-binary '{"title":"Rethinking retirement - response by owen","raw":"test_post 1","topic_id":13926}' \
--compressed
But I forgot to mention - it does not work for users that were previously created by means of the API. When you now create a new user with the API and then use the request above it should work. Let me know if we should fix it for previously created users: These are users that were created by means of the API after the Discourse upgrade.
test_post 1
test_post 1
It works! thanks 
3 Likes