Session/current always returns api_user

/session/current.json gives the current user just fine when entered as url.
/session/current.json?api_key=[my_api_key]&api_user=[my_user_name] always returns me as the current user-- even when I’m logged in as a different account.

I need the api_user and api_key to fetch this info though.
Any solution to this?

When you’re logged in, you don’t need an API key.

You’ll need an API key for the cases where you’re not logged in (because you are not a human with a login session). When you supply an api_user parameter, it always determines the user that is making the request.


When I make a fetch request from a different site without an api key, it gives me a 404.

I’m not sure what you are trying to accomplish here, but it sounds like your making a client side JSON request from another web site to see if you’re logged in. That will expose your API key and it’s not a good idea.

The reason that this is not working without an API key is probably because your browser is not sending cookies to a third party website. I believe that Safari is acting like this.

Can you please elaborate on what you are trying to do?