I am creating a small app that to compliment the content on Ghost for my members and I would like a way for the app to only qualify members who are logged in via the Ghost site. To clarify, I would like to solely rely on Ghost’s authentication system for my app. I did some scouting, it looks like t…

Hey! This is definitely doable but it’s gonna be a hack either way as these are not publicly documented or stable methods. You can either get a JWT for a member and use that to authenticate into your application, but this won’t handle logout when the member logs out of Ghost. Or you can use the co…

I’m also interested in learning about this.

Thanks @egg , this answers so many of the questions I’ve had over the past week. We wanted to use Ghost’s authentication in order to benefit from its members system. Basically, have Ghost handle memberships for our app (that is on the same domain). This kind of membership integration would make Ghos…

Those were very helpful indeed! I wanted to say I’ve implemented it but alas I can only say I’m nearly there (left with step 7 below) Custom JavaScript in theme to get a JWT via /members/ssr Push JWT to my app, which validates it using members_public_key and returns the app cookie. Cookie stores t…

Thanks for the tips, Fabien! I was able to get a JWT via API request, like you mentioned. However, I haven’t been able to get the public key with which to validate the JWT. From searching on Github, I can see that members_public_key exists - but I’m struggling to see how I can retrieve it if I don…

[image] egg: /members/ssr Sorry to revive this old thread, but has /members/ssr been moved? I’ve just tried loading it, both directly in Chrome and via JavaScript in the site footer whilst logged in, and it 404s. I’m looking to get a JWT for logged-in members to send to my remote API, to au…

Same experience that I am having. —We have a custom API running along with Ghost and are successfully authenticating members . We want to learn: How to authenticate against the admin cookie credentials?

The best I can see so far, is to fetch /members/api/member/ and then check the uuid on the backend via the /admin/members/ API. But that would only confirm that the UUID has a paid membership, not that the current logged-in user owns that uuid, making it exploitable. A JWT payload would be perfect f…

/members/ssr has been replaced in favour of /members/api/session

I’m looking to get a JWT for logged-in members to send to my remote API, to authenticate them as paying members before returning premium data.

Use Ghost members auth to log-in to custom app via cookies

Memberships & subscriptions

benclmnt October 15, 2023, 4:05am 13

Wrote up both JWT and Cookie solution here: Use Ghost authentication to login to custom app

Verify ghost membership status and tier via API for 3rd party app?

Topic		Replies	Views
Authenticating API for users Integrations & API	4	1432	February 17, 2023
Get JWT for signed-in Member Memberships & subscriptions	1	1108	September 26, 2022
Accessing 'members/api/member' from external website to check if user logged in Integrations & API	5	167	March 4, 2025
Where can I find `members_public_key` to validate a JWT? Memberships & subscriptions	4	1387	November 1, 2021
Verify ghost membership status and tier via API for 3rd party app? Memberships & subscriptions	7	1001	October 15, 2023

Use Ghost members auth to log-in to custom app via cookies

Related topics