:PROPERTIES:
:ID:       33e47957-b3d0-41c9-8977-7243b42a76dd
:END:
#+title: Control Panel HTTP Requests
#+PROPERTY: header-args :exports both :eval no-export
#+PROPERTY: header-args:http :cookie .cookies :cookie-jar .cookies

* Cookies
| Name        | Description |
|-------------+-------------|
| AUTORESPSID | Session ID  |

Cookies for requests in this document are stored in cookie file by curl in
=~/.cookies= (https://curl.se/docs/http-cookies.html).
* AJAX Requests
Control Panel controller actions that expect to be called as AJAX endpoints
expect the =X-Requested-With= header to be present and set to =XMLHttpRequest=.
* Logging In
** Fetching a CSRF Token
#+name: login-csrf
#+begin_src http :pretty
  GET localhost:8080/users/pub/csrf
  X-Requested-With:XMLHttpRequest
#+end_src

#+RESULTS: login-csrf
: 63116e764c5d31cdd3e4f230ee3740527f6eb1c76aea1cb04e30da5d68e24d78

** Sending credentials
#+begin_src http :pretty :var csrf=login-csrf
  POST localhost:8080/users/account/loginAjax
  X-Requested-With: XMLHttpRequest

  username=lookatme@example.com&password=testing&_csrf=${csrf}
#+end_src

#+RESULTS:
: {"submitStatus":{"code":200,"message":"\/users\/","category":"status_success"},"validationErrors":[]}