Continuing the discussion from Generating a login email via API:
But that’s what I wanted to do, but then I searched the source for verify_authenticity_token and figured out that I could use
skip_before_action :check_xhr, :preload_json, :verify_authenticity_token
to be able to have my plugin accept a post!