Jump to content

Authorization from ajax calls


Recommended Posts

I'm developing single-page application (SPA) which interacts with PW site only with help of ajax post/get calls to custom site API.

Initially guest (non-loggeding) user opens page with SPA. Then he logins via ajax call to custom API (requests key, supplying email and pass) and as soon as key is available, makes other ajax calls to custom API with this key. e.g. update own email, phone, etc.

Instead of developing custom authorization system, I'd like to use PW built-in authorization. So, my questions are:

1. How to generate key which PW uses to set cookie that is uses to identify session/logged-in user. I guess in my custom API login handler I should create new user session and return some token/key? E.g. how to do that using PW API?

2. Assumed SPA got this key and makes next ajax request to API with this key included in query - how to authorize request / identify user with help of PW API?

In sum - I need some guidance on PW API authorization methods that may help me to enable user authorization and access control in custom API from SPA ajax calls.

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...