Same-origin requests
Last updated
Last updated
If your client and server are on the same origin (e.g. making an API call to foo.com/api
from JavaScript running on foo.com
), the session token is automatically passed to the backend in a cookie. This means that all requests to same-origin endpoints are authenticated by default.
You can use the native browser Fetch API as you normally would and the request will be authenticated.
For applications that are fetching content in the background, like when a tab is no longer focused, you will need to include an Authorization header along with your request.