Documentation for JSON Feature¶ ↑

The json feature adds support for JSON API access for all other features that ship with Rodauth.

When this feature is used, all other features become accessible via a JSON API. The JSON API uses the POST method for all requests, using the same parameter names as the features uses. JSON API requests to Rodauth endpoints that use a method other than POST will result in a 405 Method Not Allowed response.

Responses are returned as JSON hashes. In case of an error, the error entry is set to an error message, and the field-error entry is set to an array containing the field name and the error message for that field. Successful requests by default store a success entry with a success message, though that can be disabled.

The JSON response can be modified at any point by modifying the json_response hash. The following example adds an error reason to the JSON response:

set_error_reason do |reason|
  json_response[:error_reason] = reason
end

The session state is managed in the rack session (just like in HTML mode), with CSRF protection being disabled by default for JSON requests. HTML mode is still available when json: true option is passed to the rodauth plugin. If you want to only handle JSON requests, set only_json? true in your rodauth configuration.

If you want token-based authentication sent via the Authorization header, consider using the jwt feature.

Auth Value Methods¶ ↑

json_accept_regexp	The regexp to use to check the Accept header for JSON if `json_check_accept?` is true.
json_check_accept?	Whether to check the Accept header to see if the client supports JSON responses, true by default.
json_non_post_error_message	The error message to use when a JSON non-POST request is sent.
json_not_accepted_error_message	The error message to display if `json_check_accept?` is true and the Accept header is present but does not match `json_request_content_type_regexp`.
json_request_content_type_regexp	The regexp to use to recognize a request as a json request.
json_response_content_type	The content type to set for json responses, `application/json` by default.
json_response_custom_error_status?	Whether to use custom error statuses, instead of always using `json_response_error_status`, true by default, can be set to false for backwards compatibility with `Rodauth` 1.
json_response_error?	Whether the current JSON response indicates an error. By default, returns whether `json_response_error_key` is set.
json_response_error_key	The JSON result key containing an error message, `error` by default.
json_response_error_status	The HTTP status code to use for JSON error responses if not using custom error statuses, 400 by default.
json_response_field_error_key	The JSON result key containing an field error message, `field-error` by default.
json_response_success_key	The JSON result key containing a success message for successful request, if set. `success` by default.
non_json_request_error_message	The error message to use when a non-JSON request is sent and `only_json?` is set.
only_json?	Whether to have `Rodauth` only allow JSON requests. True by default if `json: :only` option was given when loading the plugin. If set, rodauth endpoints will issue an error for non-JSON requests.
use_json?	Whether to return a JSON response. By default, a JSON response is returned if `only_json?` is true, or if the request uses a json content type.

Auth Methods¶ ↑

json_request?	Whether the current request is a JSON request, looks at the Content-Type request header by default.
json_response_body(hash)	The body to use for JSON response. By default just converts hash to JSON. Can be used to reformat JSON output in arbitrary ways.

json.rdoc

Documentation for JSON Feature¶ ↑

Auth Value Methods¶ ↑

Auth Methods¶ ↑