[joshsharp]

They shouldn't be logging in via the webview within the app anyway, so that's moot.

We are using cookies, as the post says, as a fallback authentication so devs can browse the API from a browser if they're logged in to the site.

[eridius]

Why are devs using a browser to hit API endpoints? There are much better tools. My preferred one is called Paw (https://paw.cloud) but there are others.

[grkvlt]

Because Paw is GBP 39.99 and a browser is free?

[eridius]

There are other free tools too, like Postman (https://www.getpostman.com).

[grkvlt]

True, I actually use Postman in Chrome, forgot to mention that.