Handling Authentication with both Web App and API

Apr 24, 2025 - 22:24

Not sure how to handle this. Our current app (.NET MVC) is accessed via companyname.appname.com; authentication is handled via forms (cookie) authentication. Within the app there is a global search box that is quite heavily used. We are looking to split this out into its own microservice so all calls for search will go to something like search.appname.com instead, therefore lightening the load on the main app.

The question we have is about how best to authenticate the calls to that URL. We can't share cookies across sub-domains, as all clients have a different sub-domain and the sharing cannot be restricted to a select number of domains (or not to my knowledge).

Do we return an API token when they first log in that we store and use for API calls, or is there another way?
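
The token-at-login option raised in the question, as an added example that is not part of the original post: the main app mints a short-lived HMAC-signed token after forms login, and the search service validates it without ever seeing the cookie. The class name, the claim layout and a signing key shared between the two services are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; SearchToken, the field layout and the key handling are assumptions.
public static class SearchToken
{
    const string Audience = "search.appname.com";

    static byte[] Sign(byte[] key, byte[] data)
    {
        using (var hmac = new HMACSHA256(key)) return hmac.ComputeHash(data);
    }

    // Constant-time comparison so the check does not leak how many bytes matched.
    static bool SameBytes(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Main app: call once forms authentication has succeeded and hand the result to the page script.
    public static string Issue(byte[] key, string tenant, string user, DateTimeOffset now, TimeSpan lifetime)
    {
        string claims = string.Join("|", Audience, tenant, now.Add(lifetime).ToUnixTimeSeconds(), user);
        byte[] body = Encoding.UTF8.GetBytes(claims);
        return Convert.ToBase64String(body) + "." + Convert.ToBase64String(Sign(key, body));
    }

    // Search service: true only for an untampered, unexpired token minted for this audience.
    public static bool TryVerify(byte[] key, string token, DateTimeOffset now, out string tenant, out string user)
    {
        tenant = user = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] body, mac;
        try { body = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        if (!SameBytes(mac, Sign(key, body))) return false;   // verify the MAC before parsing anything

        string[] f = Encoding.UTF8.GetString(body).Split(new[] { '|' }, 4);
        if (f.Length != 4 || f[0] != Audience) return false;
        if (!long.TryParse(f[2], out long expires) || now.ToUnixTimeSeconds() >= expires) return false;
        tenant = f[1];   // scope the search query by this claim, never by a request parameter
        user = f[3];
        return true;
    }
}
```

The page script would send the token in an `Authorization: Bearer` header, so search.appname.com needs a CORS policy that admits the tenant origins. Keeping the lifetime short limits what a leaked token is worth, since the search service cannot see a logout on the main app.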