Sunday, December 1, 2013

(Not so) easy posting as guest via Disqus API

I was asked to use Disqus as a comment system for one of the Wordpress powered websites I've been working on. Piece of cake I thought and sure Wordpress comes with plugin that I can install, customize and the job is done. Well, this is true for plugin installation part, not so much for styling and modifications though. Wordpress Disqus plugin doesn't allow any real customization. You can set it's appearance to "For light backgrounds" or "For dark backgrounds" and change typeface to serif/sans-serif but not much more than that. Furthermore, Disqus loads everything in iframe and there goes your customization via usual css/javascript tricks. To make things worse  I was provided with design that was nothing but ordinary. 

Right.. they must provide some API I thought and so with a bit of PHP coding, with help of curl here and there I should be able to pull it off. And so I started digging through docs provided.

For a start I tried to pull out the comments and got what I wanted. The trouble started however when I tried to post a comment as a guest. Disqus requires public key to be used when posting a comment, neither of the keys provided when I registered application was working though. The code below kept giving me message "This application cannot create posts on the chosen forum" or "Invalid API key".

$session = curl_init('');
curl_setopt($session, CURLOPT_RETURNTRANSFER, 1); // instead of just returning true on success, return the result on success

$args = array(
'message' => 'DOH!',
'thread' => '1234567890',
'author_name' => "Homer Simpson",
'author_email' => "",
'api_key' => 'someApiPublicKeyGoesHereButWhereToFindItGodOnlyKNows'


$data = curl_exec($session);

I was getting annoyed at this point and decided to have a peek how plugin itself does it. Sure it must pass some api_key to backend and in fact it does. I looked up the ajax call and there it is:

I plugged it into the code above: 

'api_key' => 'E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F'

and voila, it worked. 

This cant be right I thought. Unless I'm missing something this key is nowhere to be found in application settings page. I couldn't dig it up from documentation either. Where to find it without peeking up ajax calls? What will happen if Disqus will decide to change the api_key at some point? There goes my comment system, right? It's sure looks like it. So I decided to do more research and it appears that someone else had similar problem. Just have a look at this StackOverflow thread:

There is screenshot attached showing api_key and guess what..? It looks exactly the same as the one POSTed from my installation. 

So now I can post as a guest, but is it a solution? Well, like everything else it depends on your project. The way I understand it now the whole thing is really disappointing. Unless you are happy with default look and functionality Disqus provides, prepare for some struggle.


  1. Looks as if you're totally right. That key is longer than anything in your API profile page, and not available anywhere I could see... unless you look at the Ajax request. Sub it in for "api_key" and suddenly you can get a guest post.

    I noticed also that in using the CONSOLE tab to test API requests, it gets stale values sometimes. It will complain that the thread is the email address, or something like that. If you reload you'll see the field does contain the wrong value. Adds a bit of frustration to the testing.

    Not sure if Disqus is right for me in the long run, but I'm giving it a test. A bit unfortunate that a task that savvy users might undertake (to script importing their own non-authenticated comments from a previous system) would hit such obvious speedbumps. It may not bode well. :-/


  2. Very much impressive blog keep the good work up. I found this very informative. It helps me a lot. Love to wait for your next post.
    Click Here : 2005 Cat 140H (1312) w/7895 Hrs For Sale at $108k