Authentication
To call the Web APIs from a different domain, you need to use your user's token.
How to generate a Token
You can generate a unique token key from the /admin/profile page. Keep this key secret.
Use the Token from server calls (PHP)
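You can send the token as a POST parameter:
// Target endpoint and the token generated on /admin/profile
$url = "https://example.com/cm/delete/post";
$token = "<UNIQUE_TOKEN>";
$options = [
    'http' => [
        'method' => 'POST',
        // http_build_query() produces a form-encoded body, so declare it as such
        'header' => "Content-type: application/x-www-form-urlencoded",
        'content' => http_build_query(['id' => 2, 'token' => $token]),
        // Return the response body even on 4xx/5xx status codes
        'ignore_errors' => true
    ]
];
$context = stream_context_create($options);
$response = file_get_contents($url, false, $context);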
Authenticate from front-end (JavaScript)
In order to make calls from a different domain, you should include the domain of your front-end app in the website’s cors value. In config.php of your installation add:
'cors'=> ['myapp.com']
From JavaScript, first authenticate the user with their credentials, then use the returned token in your calls.
Example using axios:
// authenticate, then send the request once the token has arrived
axios.post('https://example.com/login/auth', {
    email: 'user@mail.com',
    password: 'password'
})
.then((response) => {
    const token_key = response.data.token;
    // send a request with the token
    return axios.post('https://example.com/cm/delete/post', {
        id: 2,
        token: token_key
    });
});
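
The authenticate-then-call flow described above, as an added example that is not part of the project's documentation or code: a small client that keeps the token in a closure and attaches it only to HTTPS requests on the API's own origin. `createApiClient`, `transport` and `fakeTransport` are hypothetical names, and the login response is assumed to carry the token in `response.data.token`, as in the axios example.

```javascript
// Added example. createApiClient and transport are hypothetical names;
// the endpoints and the email/password/token fields are the ones shown above.
function createApiClient(baseUrl, transport) {
  const base = new URL(baseUrl);
  if (base.protocol !== 'https:') {
    throw new Error('API base URL must use https');
  }
  let token = null; // held in this closure only, not in a global or in storage

  // Resolve a path against the API origin; reject URLs that point elsewhere.
  function resolve(path) {
    const url = new URL(path, base);
    if (url.origin !== base.origin) {
      throw new Error('refusing to send the token to ' + url.origin);
    }
    return url.href;
  }

  return {
    async login(email, password) {
      const response = await transport(resolve('/login/auth'), { email, password });
      const received = response && response.data && response.data.token;
      if (typeof received !== 'string' || received === '') {
        throw new Error('login failed: no token in response');
      }
      token = received;
    },
    async call(path, params) {
      if (token === null) {
        throw new Error('not authenticated: call login() first');
      }
      // Spread params first so a caller-supplied "token" key cannot replace ours.
      return transport(resolve(path), { ...params, token });
    },
    logout() { token = null; },
    isAuthenticated() { return token !== null; }
  };
}

// Constructed stand-in for the server so the example runs offline.
// In the browser, pass (url, body) => axios.post(url, body) instead.
function fakeTransport(url, body) {
  const data = url.endsWith('/login/auth') ? { token: 'constructed-token' } : { ok: true };
  return Promise.resolve({ data, url, body });
}
```
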