I have tried to however compensate for verifying the user problem by checking the value of user.can_edit at /u/{username}.json endpoint which I hope will give true iff the user is itself logged in and the username is theirs. But when trying to send that request from the server I can’t certainly attach cookies which were automatically getting included by the browser when sending the request. So it would always be false.
Also I have checked docs regarding user-api-key generation which will send requests as that user but there are too cors problems. (Isn’t there anything like if there is a valid user-api-key in headers then that request will send a response back?)
edit - Also one important thing, i am a non-admin, non-moderator user on that forum.