API Access To The Forum

Hi all, I’m currently in the process of developing a native app for discourse sites, with a particular focus on the VEX Forum. To do this, I was hoping to make use of the Discourse API, but have run into a roadblock in that it appears that the ability for users to generate API keys has been disabled. As an alternative, I considered using a web crawler-style approach, but that would be in breach of the TOS. I don’t really want to get into trouble, and I especially don’t want any unsuspecting potential users getting into trouble for such a mistake. Therefore, I was wondering if there were any alternative ways to access the VEX Forum discussions without going through the API or potentially getting into trouble related to crawling?

You should DM @Brandon_Martus and explain the why, how, when, where of your goals and go from there.

You do not need to generate an API key. You can fudge authentication with a username and password and continue to use the Discourse API as needed. @crumey DM me if you want to see my implementation.

If the method Taran describes doesn’t work, DM me and I can set you up with an API key.

Thanks everyone for your help! I ended up getting the implementation @Sylvie sent me working within the app, using which I have been able to create a python module that is fully feature-complete with the Discourse API. In fact, I am actually writing this reply from it!

Anyway, just thought I might share a few more details about the project. The general idea is to create a native Android/iOS/Windows/Linux app that offers native performance, look and feel, and more tailored UX while still being fairly feature-complete when compared to the web app. I’m currently using Qt and Python to build it, and will hopefully be able to release it some time over the next few months. Of course, the source code will be available on my team’s GitHub, as well as on F-Droid, Google Play Store, and the App Store (assuming I can afford Apple’s ridiculously expensive developer licenses).

I know this post has been quite long, but just wanted to say thanks again for everyone’s help .

Correct me if I’m wrong, but for your use case you need the user to authenticate themselves anyways. Using your own token would result in people using your own account.

The only way around that would involve you hosting your own web server and running an intermediary program there, but that would require users to send you their login information and trust you’re storing it safely.

I don’t think so, but I’m no expert when it comes to this sort of stuff, so I’m not 100% sure. The user just needs to enter their username and password, which is then passed to the login URL. This completely skips the whole token part, meaning that the user doesn’t need to generate a key at all.

This also means that I shouldn’t have to host a web server to provide an intermediary authentication layer.

About the security concerns, it’s all going to be open-source, and at its core is just a collection of Python scripts. As a result, anyone should be able to verify that no data is being sent to any servers other than the VEX Forum.

“Just” is doing a lot of work there.

Your Mr. Bean “Trust me” is appropriate. Just because you open-source your code, doesn’t mean you’ll actually be running that code on the server.

Whoops, I probably should have put a little bit more emphasis on the no server part. The only server that the app interacts with is the official VEX Forum server, nothing run by me, or anyone other than VEX themselves.

@Sylvie, do you mind if I share some of the code I’ve based on your implementation?

Yes, this is correct. I was suggesting that if you obtained an API key yourself and didn’t use this method, users wouldn’t be able to authenticate themselves.

Not a problem, go right ahead.

If I’m understanding this correctly, this won’t be a concern. This app should just be a client for using the Discourse API, and no additional web server is necessary.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.