I have a use-case where I have a WordPress site and an ASP .NET Core as a Restful API backend. I use the WordPress site entire for Frontend, CMS, and User Authentication.
On certain pages of my WordPress site, I've embedded React apps into it. The React app does some API calling to my ASP .NET Core server.
Now, I would like to know what is the best way to verify which signed-in WordPress user requested the API in ASP .NET Core. Imagine that my user has signed in into my WordPress site and he accesses the React App and calls an API to my ASP.NET Core server.
What can I send in the API call header to let my ASP.NET Core server verify that this is the user that has made a request and the user is currently signed-in in the WordPress site? Is there any token system WordPress has?
Thank you.