Help with a separate frontend app checking Ghost member login and paid status

I am exploring ways to integrate Ghost memberships with a separate frontend app I’m building, and am seeking guidance on the best approach.

Currently:

  • My Ghost blog exists at my domain (e.g. foo.com)

  • I’m building a separate frontend app using Lovable

  • I want the Lovable frontend to determine if a visitor is logged in and whether they have an active paid subscription. This is in order to conditionally display a paywall.

I’m considering two approaches and would appreciate some advice:

  1. Same-origin approach:

    • Keep Ghost at foo.com

    • Have the Lovable frontend request https://foo.com/members/api/member/ directly

    • Are there recommended best practices for this setup, especially if the frontend handles routing and static pages separately from Ghost?

  2. Admin API approach:

    • Use the Admin API to fetch member information from the backend

    • I’m unsure how to map a visitor in the frontend to a specific member ID or email securely

    • Is there a supported pattern for this kind of server-side integration?

My goal is a reliable, maintainable approach that preserves the existing Ghost membership authentication without exposing security risks.

Thank you in advance for your guidance!

And it hopefully goes without saying (but I’ll say it anyway): Do NOT put your admin API key on the front end. Period, full stop. The function that validates whether the JWKS is correct needs to run on the server, not in the browser.

2 Likes
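
The server-side check described in the reply above, as an added example that is not part of the original thread and not Ghost's own code. It assumes the frontend forwards a member JWT signed with RS512 whose `sub` claim is the member's email, and that the server already holds the site's JWKS; the key pair, `kid`, issuer value and the `lookupStatus` helper are constructed or hypothetical.

```javascript
// Added example, not from the thread. Runs on the server (Node.js, built-in crypto only).
const crypto = require('node:crypto');

const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Verify a member JWT against a JWKS. Returns the claims, or null on any failure.
function verifyMemberToken(token, jwks, { issuer, now = Date.now() / 1000 } = {}) {
  try {
    const parts = String(token).split('.');
    if (parts.length !== 3) return null;
    const [h, p, s] = parts;
    const header = decodeJson(h);
    // Pin the algorithm (assumed RS512); never let the token pick the verifier.
    if (header.alg !== 'RS512') return null;
    const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
    if (!jwk) return null;
    const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
    const sig = Buffer.from(s, 'base64url');
    if (!crypto.verify('sha512', Buffer.from(`${h}.${p}`), key, sig)) return null;
    const claims = decodeJson(p);
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    if (issuer && claims.iss !== issuer) return null;
    return claims;
  } catch {
    return null; // malformed token or JWKS: treat as not logged in
  }
}

// Paywall decision. Identity comes only from the verified token; lookupStatus is a
// hypothetical stand-in for a server-side member lookup keyed by the verified email.
function canViewPaidContent(token, jwks, lookupStatus, opts) {
  const claims = verifyMemberToken(token, jwks, opts);
  return claims !== null && lookupStatus(claims.sub) === 'paid';
}

// Constructed sample data: a throwaway key pair and signer, not real Ghost keys.
function makeSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key' }] };
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const sign = (claims, alg = 'RS512') => {
    const input = `${enc({ alg, typ: 'JWT', kid: 'demo-key' })}.${enc(claims)}`;
    const sig = crypto.sign('sha512', Buffer.from(input), privateKey);
    return `${input}.${sig.toString('base64url')}`;
  };
  return { jwks, sign };
}
```

The browser only ever receives the boolean from `canViewPaidContent`; the JWKS check and the member lookup both stay on the server.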

Thanks! I was able to get it working.