API design - application on a domain, api on a different domain. How to extract user-specific data without passing the user ID


I am trying to build quite a simple web app (for learning purposes) using Golang and AngularJS.

I am comfortable with the Go and AngularJS code but I am having difficulties trying to create an adequate API structure.

At the moment I have all my code running the app and the API code bundled together.

Ideally I would like to separate this out, so I can have my app run on a subdomain such as app.mything.com and the API run on api.mything.com.

The problem I have is my API has MySQL calls such as -

select * FROM sometable where userid = userID

userID is a user ID that is saved in a session.

So while all the code is bundled together this is possible and works fine. If I was to separate the code to two separate subdomains the session will not be accessible on both.

How is it possible to achieve something like this?

Thanks, Dave

There are two ways you can solve this:

  • Change the session storage to something the API and app both share (i.e.: MySQL).
  • Start using (encrypted) cookies instead of session data.
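
The second option sketched in Go, as an added example that is not part of the original answer: the app seals the user ID into an AES-GCM cookie scoped to the parent domain, and the API recovers the ID from that cookie instead of accepting one from the client. The cookie name `uid`, the one-hour lifetime, the `/items` path and the all-zero demo key are assumptions; both services would load the same random 32-byte key from secret configuration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
)

// SealUserID runs on app.mything.com after login. Domain=mything.com makes the
// browser send the cookie to api.mything.com as well.
func SealUserID(aead cipher.AEAD, userID string) (*http.Cookie, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sealed := aead.Seal(nonce, nonce, []byte(userID), nil) // nonce || ciphertext || tag
	return &http.Cookie{Name: "uid", Value: base64.RawURLEncoding.EncodeToString(sealed),
		Domain: "mything.com", Path: "/", MaxAge: 3600,
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}, nil
}

// OpenUserID runs on api.mything.com. Its result is the only value bound to
// the query placeholder (WHERE userid = ?); the URL and body carry no user ID.
func OpenUserID(aead cipher.AEAD, r *http.Request) (string, error) {
	c, err := r.Cookie("uid")
	if err != nil {
		return "", err
	}
	raw, err := base64.RawURLEncoding.DecodeString(c.Value)
	if n := aead.NonceSize(); err == nil && len(raw) > n {
		if pt, err := aead.Open(nil, raw[:n], raw[n:], nil); err == nil {
			return string(pt), nil
		}
	}
	return "", errors.New("invalid session cookie")
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	aead, _ := cipher.NewGCM(block)
	c, _ := SealUserID(aead, "42")
	r, _ := http.NewRequest("GET", "https://api.mything.com/items", nil)
	r.AddCookie(c)
	fmt.Println(OpenUserID(aead, r))
}
```

For the AngularJS app to send this cookie on cross-origin calls, its requests need `withCredentials` set and the API must answer with `Access-Control-Allow-Credentials: true` and the app's exact origin in `Access-Control-Allow-Origin`. The sealed value here carries no expiry of its own, so a captured cookie stays valid until the key is rotated.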