Extension:CentralAuth/API

Authentication
CentralAuth has no login or signup API of its own (the standard clientlogin and signup APIs can be used for that, with the same parameters as MediaWiki core login), but it allows your code to authenticate on the foreign wiki as the user currently logged in on the local wiki using a central authentication token . Using those, one can make API calls to any wiki participating in the same single sign-on system, guaranteeing that the same associated account will be used for actions on both wikis even if the user is not logged in on the foreign wiki (doesn't have a session cookie for that domain).

First, acquire a token using  request to the local wiki. A token is only valid for a single request, and will become invalid after 10 seconds.

Then, pass the token to any CORS request to the foreign wiki: You can use the mediawiki.ForeignApi ResourceLoader module to handle this for you.
 * When using the action API, via the  parameter. When making a POST CORS request to the action API, the parameter must be part of the preflight request and thus it must be in the URL, not the POST data.
 * When using the REST API, via a  header.