Session/current always returns api_user


(Ryan Odening) #1

/session/current.json gives the current user just fine when entered as url.
/session/current.json?api_key=[my_api_key]&api_user=[my_user_name] always returns me as the current user-- even when I’m logged in as a different account.

I need the api_user and api_key to fetch this info though.
Any solution to this?
Thanks!


Specify user by external id
(Richard - DiscourseHosting.com) #2

When you’re logged in, you don’t need an API key.

You’ll need an API key for the cases where you’re not logged in (because you are not a human with a login session). When you supply an api_user parameter, it always determines the user that is making the request.


(Ryan Odening) #3

When I make a fetch request from a different site without an api key, it gives me a 404.


(Richard - DiscourseHosting.com) #4

I’m not sure what you are trying to accomplish here, but it sounds like your making a client side JSON request from another web site to see if you’re logged in. That will expose your API key and it’s not a good idea.

The reason that this is not working without an API key is probably because your browser is not sending cookies to a third party website. I believe that Safari is acting like this.

Can you please elaborate on what you are trying to do?