Extension:CentralAuth/API

centralauthtoken
CentralAuth allows your code to authenticate on the foreign wiki as the user currently logged in on the local wiki using a central authentication token . Using those, one can make API calls to any wiki participating in the same single sign-on system, guaranteeing that the same associated account will be used for actions on both wikis even if the user is not logged in on the foreign wiki (doesn't have a session cookie for that domain).

First, acquire a token using  request to the local wiki. A token is only valid for a single request, and will become invalid after 10 seconds.

Then, pass the token to any CORS request to the foreign wiki: You can use the mediawiki.ForeignApi ResourceLoader module to handle this for you.
 * When using the action API, via the  parameter. When making a POST CORS request to the action API, the parameter must be part of the preflight request and thus it must be in the URL, not the POST data.
 * When using the REST API, via a  header.