Using session token to authenticate requests

Hello.

I’m currently developing an app that integrates a third party service using iframe and a set of endpoint that the third party service can use to interact with files in Nextcloud. So far I’ve one problem that I don’t know how to solve.

The process of the app will be that the user selects a file from the files app and open it in this app. When that happens the user goes to a page with an iframe that has a target url of the third party service with parameters such as file location, id, and access token. The third party service will then use this data to interact with the file through some other routes I’ve set up in my app.

However currently the third party service gets the “Current user not logged in” error when trying to access the route’s functions.

What I was looking at was if I could create an access token that I could send with my parameters (currently its just a static string). With this access token the third party service could authenticate to the user.

Is this possible in Nextcloud? I saw some example of session token on here but I can’t figure out how to use it properly. Can this do what I’m asking, and are there any example of using it I could look at?