Passing session key to end point
- 11 years agoHey kc,
Endpoints should automatically pass the session_key if you pass it to the endpoint.
Just create your endpoint using rest() as usual, and then pass the session key via restapi.session_key query parameter.
Hope this helps,
Yuri - 11 years ago
By default, the custom endpoint will execute any code and make any rest calls as the 'current user'. So the endpoint should only have permissions to do what the 'current user' can do.
Lithium picks up the 'current user' from the session cookie, or from the 'restapi.session_key' parameter if specified.
If an already logged in user navigates directly to the custom endpoint (in the browser) they will automatically be authenticated (as the browser will automatically send the session cookie when it sends the request to the custom endpoint).
If you are calling the endpoint from a JavaScript application hosted on the same root domain, you can get JavaScript to include the Lithium session cookie in its request by specifying the 'use credentials' parameter in the AJAX call. This only works if the user is already logged in.
If you are making a call to the custom endpoint from within an external application, you will need to specify the 'restapi.session_key' parameter (the value of which you obtain through a separete call to the authentication method).