Updating user email through the JSON API

frei91

I'm trying to update a user's email address from a different site through the API. Changing other user attributes (e.g. bio) works fine, but for email I get code 401 permission_denied.

This seems to happen because there are some checks in UpdateUserController and EditUserHandler that require additional user confirmation when $userId and $actor are identical. My question is, can I somehow specify in the API call that the $actor is an admin? Or is there any other way to change a user's email address through the API without requiring the user to confirm their new address?

I've come up empty after lots of searching, any hints much appreciated.

luceos

You need to use a Master token. I've written it down so I would never forget at the api client readme:

https://github.com/flagrow/flarum-api-client#configuration

In order to start working with the client you might need a Flarum master key:

Generate a 40 character random, unguessable string, this is the Token needed for this package.
Manually add it to the api_keys table using phpmyadmin/adminer or another solution.

The master key is required to access non-public discussions and running actions otherwise reserved for Flarum administrators.

You then use this in the Authorization header:

Token <insert-master-token>; userId=1

frei91

Many thanks @luceos, this is super helpful.