
Token Authentication for Rest API


I am working on a module to access certain information via REST for an ExpressionEngine backend (control panel).

I have worked out the REST function and delivery of the information; that works and is tested.

Currently one of my module control panels has several functions that return a set of information while I am logged in and I pass in the session ID along with the request.

However, outside the session I cannot access the API because it redirects me to login instead. I am seeking to bypass the classic authentication for certain controller functions and replace it with an API token-based authentication which would be passed with the web request.

I've tried searching how to disable authentication for certain pages in the backend, but haven't been able to find anything. If anyone can point me in the right direction it would be very helpful.


Solution

  • Take a look at module actions. These are the URLs that look like /?ACT=123 where 123 refers to a specific module and method in that module. These URLs don't have any authentication required to be hit. You control what authentication you want for the methods.

    Stephen Lewis has a nice article about this on his blog (the EE dev docs don't explain actions well, if at all). http://experienceinternet.co.uk/blog/a-brief-introduction-to-expressionengine-actions/

    I can personally vouch for this approach with using APIs because our team built a CRUD Rest API for ExpressionEngine that uses these "action" URLs.
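Because action URLs run without any session check, each action method has to verify the API token itself. The sketch below is an added example, not code from the answer or from ExpressionEngine: the class `Rest_api`, the method `list_items` and the digest list are hypothetical, and it assumes the token arrives in an `Authorization: Bearer` header and that only SHA-256 digests of issued tokens are stored.

```php
<?php
// Added example; Rest_api, list_items and the digest list are hypothetical names.

/** Extract the bearer token from the Authorization header, or null if absent/malformed. */
function bearer_token(array $server): ?string
{
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    return preg_match('/^Bearer\s+([A-Za-z0-9._~+\/-]+=*)$/', $header, $m) ? $m[1] : null;
}

/** Compare the SHA-256 digest of the presented token with the stored digests. */
function token_is_valid(?string $token, array $storedDigests): bool
{
    if ($token === null || strlen($token) < 32) {
        return false;                         // reject missing or short tokens
    }
    $digest = hash('sha256', $token);
    $ok = false;
    foreach ($storedDigests as $stored) {
        $ok = hash_equals($stored, $digest) || $ok;  // constant-time, no early exit
    }
    return $ok;
}

class Rest_api
{
    private $digests;

    // Assumption: digests are loaded from the module's own table or config.
    public function __construct(array $digests)
    {
        $this->digests = $digests;
    }

    /** Action method: nothing checks a session before this runs, so it checks the token. */
    public function list_items(array $server): array
    {
        if (!token_is_valid(bearer_token($server), $this->digests)) {
            return [401, ['error' => 'invalid or missing token']];
        }
        return [200, ['items' => []]];        // the module's real payload goes here
    }
}

// Constructed demo: issue a token, store only its digest, then call the action twice.
$token = bin2hex(random_bytes(32));
$api = new Rest_api([hash('sha256', $token)]);
echo json_encode($api->list_items(['HTTP_AUTHORIZATION' => "Bearer $token"])), "\n";
echo json_encode($api->list_items(['HTTP_AUTHORIZATION' => 'Bearer ' . str_repeat('a', 64)])), "\n";
```

In a real module the method would read `$_SERVER` directly and emit the status code and JSON body itself; sending the token in a header rather than the query string keeps it out of access logs.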