Ghost as headless cms and React frontend


I have setup ghost using ghost cli 2.21.1 version. I am using ghost as a headless cms. My ghost is installed at example . com and i am consuming content api from mycmsexample . com which is working correctly.
Now i am building Admin part of the cms and i am having issue related to authentication. I am using fetch. Something like this

const host = “example . com”;
const path = “ghost/api/v2/admin/session/”;
const url = host + path;
fetch(url, {
headers: {
“Content-Type”: “application/json”,
Origin: “mycmsexample . com”
credentials: “include”,
method: “POST”,
body: JSON.stringify({
username: this.state.user,
password: this.state.pass

In chrome-dev-tool i can see the cookie with ghost-admin-api-session - {token}
In chrome dev tool response header i am not able to see set-cookie header.

After this i am doing post request to create a post.

const host = “example . com”;
const path = “ghost/api/v2/admin/posts/”;
const params = “?source=html”;
const url = host + path + params;

fetch(url, {
headers: {
Accept: “application/json”,
“Content-Type”: “application/json”,
Origin: “mycmsexample . com”
credentials: “include”,
method: “POST”,
body: JSON.stringify({
posts: [
title: this.state.title,
html: markup,
tags: this.state.tags,
authors: “authorname”,
status: “published”
In this fetch request i am getting 403, Forbidden
I am also using node js cors library installed on ghost and the ghost express server have these settings
cors = require(“cors”);
var corsOptions = {
origin: “mycsmexample . com”,
credentials: true,


Hi Mukal - Which fetch are you using? github/fetch or Or another?


Hi Mukal - I guess I’m a little confused as to how you are using the API. Are you coming in from a client browser or from a server? The admin in your const path implies that you are using the javascript admin api library which can only be used on the server side, yet you are using fetch, native to javascript which can only used used on the client side. Missing altogether are the API keys - client or admin, depending on what you are doing.


I am using User Authentication as mentioned in


Hi Mukal - Is this the node.js cors library you are using?




Hi Mukal - Trying to make the User Authentication work on a local installation the best I can get is 401s unauthorized. I have been using the restlet client - Rest API testing for chrome to test the header I have been sending, Looking at the ghost logs and seeing the requests going through but no success yet.


I was able to perform user authentication using postman. But not able to perform in react js using both fetch and axios.
I was able to see the cookie in both postman and chrome dev tools.
Right now i am using token Authorization so that i can complete building custom admin part of blog.
Later i will revisit what was wrong in user authentication.
Any help is appreciated