Exposed REST APIs are by design sessionless. In some cases, you might need to reuse your current application session to make a request via Javascript, without going through the server. In this guide I will show you how to use the current session in your APIs.
The guide applies to versions 9.1.0.20+ for both .NET and Java stacks.
First you need to create an Extension with a new action and call the method GetUserFromSessionCookie from the RuntimePublic.Session API, or you can use the Session extension from the attached application.
![]()
After creating the extension and referencing it in your application, you should set the Authentication in your REST API as Custom.
![]()
Finally, in the OnAuthentication flow you should use the action from the extension above and use the Login action from System to authenticate the user (or throw some exception if no user is currently logged in).
![]()
To test the authentication, make a request via Javascript to the API anywhere on your screen (make sure that it is in the same domain so that you don't run into CORS problems) and check if the result is 200 OK.
In the attached application the screen allows you to test calling the API via JavaScript. If you are logged in you should get a popup with your username, and if you are not you should get an error message.
The guide applies to versions 9.1.0.20+ for both .NET and Java stacks.
Create the Extension
First you need to create an Extension with a new action and call the method GetUserFromSessionCookie from the RuntimePublic.Session API, or you can use the Session extension from the attached application.
Add Custom Authentication to the API
After creating the extension and referencing it in your application, you should set the Authentication in your REST API as Custom.
Finally, in the OnAuthentication flow you should use the action from the extension above and use the Login action from System to authenticate the user (or throw some exception if no user is currently logged in).
Test the API
To test the authentication, make a request via Javascript to the API anywhere on your screen (make sure that it is in the same domain so that you don't run into CORS problems) and check if the result is 200 OK.
In the attached application the screen allows you to test calling the API via JavaScript. If you are logged in you should get a popup with your username, and if you are not you should get an error message.