What is the recommended way to transfer data from a plugin frontend to a plugin backend for authorized users only?


I have written a plugin for strapi, which provides a form in its frontend and a route with GET and POST requests enabled in the backend to get and set the values of the form. The values are stored in the backend via the strapi.store function and by fetching from the respective end point, getting and setting the values works just fine for public access to the route.

However, public access is not desirable. Therefore only authorized users should be able to access the given route. In order to do so, the access token is required, but I don’t know, how to obtain it programmatically (if I copy and paste it from the response of the login form into the fetch headers it works just fine).

So my question is: Where do I get the token from the currently logged in user? Or is there another standard way of accessing protected plugin routes?

Also some words about that in the official documenation would be highly appreciated.

@plwag It is stored in browser’s local storage, so it is pretty simple to get it:
let token = localStorage.getItem("jwtToken")

Hi @sunnyson,

thanks for your answer! It helped a lot, although it was not correct for me. The token stored in localStorage was null in my case and the real token was stored in sessionStorage. Also, the token had leading and trailing quotation marks and I had to remove them manually in order for the token to be valid.