cypherpunkengineering / cypherpunk-vpn-ios

Cypherpunk Privacy VPN app for Apple iOS 8+ devices
Don't save user password and re-authenticate, instead use persistent cookie #61

Open wiz opened 7 years ago

wiz commented 7 years ago

Don't save user password in app database. Instead, after first authentication, save the cookie and pass it with all API requests. The cookie is valid for 1 year, so you shouldn't need to ever re-authenticate.

If any API request gets 403 response, logout user and return to login screen.

On logout, POST to /api/v0/account/logout with empty body, and server will invalidate cookie.

wiz commented 7 years ago

Also, please use GET /api/v0/account/status instead of GET /api/v0/subscription/status and upgrade account.type and privacy.username and privacy.password etc.

corosukeK commented 7 years ago

Given how the view stack is structured, I'd like /account/status to be the only API that logs out on a 403.
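The flow requested in the first comment, as an added Swift example that is not the project's own code: no password is stored, the persisted cookie rides on every request, a 403 ends the local session, and logout POSTs an empty body. `AccountAPI`, `onSessionEnded` and the host are hypothetical; it assumes the server sets an expiry on the cookie so `HTTPCookieStorage` persists it, and iOS 15+ for async `URLSession`.

```swift
import Foundation
// Added example: AccountAPI, onSessionEnded and the host are hypothetical placeholders.
@MainActor
final class AccountAPI {
    enum APIError: Error { case sessionExpired, unexpectedStatus(Int), notHTTP, badPath }
    private let base = URL(string: "https://api.example.invalid/")!  // placeholder host
    private let cookies = HTTPCookieStorage.shared  // persists cookies that carry an expiry
    private let session: URLSession
    var onSessionEnded: (() -> Void)?               // UI hook: return to the login screen

    init() {
        let config = URLSessionConfiguration.default
        config.httpCookieStorage = cookies          // stored cookie is attached to every request
        session = URLSession(configuration: config)
    }

    // Only the cookie identifies the user here; no password is read or stored.
    func send(_ method: String, _ path: String, body: Data? = nil) async throws -> Data {
        guard let url = URL(string: path, relativeTo: base) else { throw APIError.badPath }
        var request = URLRequest(url: url.absoluteURL)
        request.httpMethod = method
        request.httpBody = body
        let (data, response) = try await session.data(for: request)
        guard let http = response as? HTTPURLResponse else { throw APIError.notHTTP }
        switch http.statusCode {
        case 200..<300:
            return data
        case 403:
            endLocalSession()                       // server no longer accepts the cookie
            throw APIError.sessionExpired
        default:
            throw APIError.unexpectedStatus(http.statusCode)
        }
    }

    func accountStatus() async throws -> Data { try await send("GET", "/api/v0/account/status") }

    func logout() async {
        // Empty-body POST asks the server to invalidate the cookie; clear it locally either way.
        _ = try? await send("POST", "/api/v0/account/logout", body: Data())
        endLocalSession()
    }

    private func endLocalSession() {
        // Idempotent: a 403 during logout must not fire the UI hook twice.
        guard let stored = cookies.cookies(for: base), !stored.isEmpty else { return }
        stored.forEach { cookies.deleteCookie($0) }
        onSessionEnded?()
    }
}
```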