Authorization from ajax calls

[valan]

I'm developing single-page application (SPA) which interacts with PW site only with help of ajax post/get calls to custom site API.

Initially guest (non-loggeding) user opens page with SPA. Then he logins via ajax call to custom API (requests key, supplying email and pass) and as soon as key is available, makes other ajax calls to custom API with this key. e.g. update own email, phone, etc.

Instead of developing custom authorization system, I'd like to use PW built-in authorization. So, my questions are:

1. How to generate key which PW uses to set cookie that is uses to identify session/logged-in user. I guess in my custom API login handler I should create new user session and return some token/key? E.g. how to do that using PW API?

2. Assumed SPA got this key and makes next ajax request to API with this key included in query - how to authorize request / identify user with help of PW API?

In sum - I need some guidance on PW API authorization methods that may help me to enable user authorization and access control in custom API from SPA ajax calls.

[valan]

Hmm... strange to see 0 responses here... is it a right forum thread for such questions?