How to authenticate non-admin users via the API?

Hey :wave:

I’m working on a project where the front-end is a custom NextJS web app and Ghost (v5, local installation for the moment) is being used as a headless CMS.

So far working with the Ghost Content API works great and I don’t have any questions about that.

However, I’m having a very hard time finding any information regarding how to authenticate users through the API.

The goal is to understand how to authenticate users through the API?

I assume there could be some endpoints like /login | /register | /verify-token or similar that the front-end app should call in order to use the built-in Ghost authentication-related features.

If you’re looking for help, please provide information about your environment. If you delete this template and don’t provide any information, your topic will be automatically closed.

If you aren’t running the latest version of Ghost, the first thing we’ll ask you to do is update to the latest version of Ghost.

Thank you!

To see what methods are called, you could leave the a web tools “Network” panel open while performing these actions as a user manually.

Since these endpoints are not part of the Content API or the Admin API, they might not work forever.

Hey, thanks for the suggestion!

I was considering this as a last resort too. I was quite puzzled when I couldn’t find any documentation for this API and hope the functionality remains available. But who knows :)

I wonder what do others do in the case of a custom front-end implementation (e.g. Gatsby or NextJS) with Ghost as headless CMS. :thinking:

Anyway, unless anyone else comes up with a better idea or docs regarding the topic, I’ll do some digging in the network tab.