Authentication
We use a form of OAuth for authentication. A user can create a token by posting a valid email and password to /oauth/token.
The token is stored as a cookie named access_token on the API domain.
Whenever we make API calls to authorized controllers, this token is used to get the current user.
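
A minimal server-side model of this flow, added here as an illustration and not this API's own code: it issues the access_token cookie for valid credentials and resolves the current user from the Cookie header on a later call. The function names, the in-memory stores, the PBKDF2 password hashing and the cookie attributes are assumptions; the page specifies only the /oauth/token endpoint and the cookie name.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

_SALT = b"constructed-salt"  # constructed; real systems use a per-user random salt

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed sample account and token table (stand-ins for the real stores).
USERS = {"alice@example.com": _hash("correct horse")}
TOKENS = {}  # access token -> email

def create_token(email, password):
    """Model of POST /oauth/token: Set-Cookie value, or None on bad credentials."""
    stored = USERS.get(email)
    supplied = _hash(password)  # hash even for unknown emails: same work on both paths
    if stored is None or not hmac.compare_digest(stored, supplied):
        return None
    token = secrets.token_urlsafe(32)  # unguessable, carries no user data
    TOKENS[token] = email
    cookie = SimpleCookie()
    cookie["access_token"] = token
    cookie["access_token"]["httponly"] = True   # not readable from page script
    cookie["access_token"]["secure"] = True     # only sent over HTTPS
    cookie["access_token"]["samesite"] = "Lax"  # assumed; the page names no attributes
    cookie["access_token"]["path"] = "/"
    # No Domain attribute: the cookie stays host-only on the API host.
    return cookie["access_token"].OutputString()

def current_user(cookie_header):
    """Model of an authorized controller: map the Cookie header to a user."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("access_token")
    # Unknown or missing tokens resolve to None, which the controller rejects.
    return TOKENS.get(morsel.value) if morsel else None
```

Because the browser attaches this cookie automatically, state-changing controllers also need cross-site request protection; SameSite alone is only part of that.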