[Not sure if this is the right place to ask this. If this question belongs on a different SO forum, please let me know.]
I am designing a web page that has a list of items which the user can drag up or down in the list. The user can also add new items to the list or delete items from the list. FWIW, I'm doing this in ASP.Net Core.
So, as the user interacts with the list, JS in the browser wants to call back to the server to tell it about list modifications. My two options (I think) are to call either Ajax or REST API endpoints on the server. Both schemes result in an asynchronous round-trip to the server, with a return value that indicates success or failure.
As I understand things, Ajax has the advantage that it comes with user authentication baked in. That is, I can easily enforce the notion that the caller must be an authenticated (logged in) user (the Ajax endpoint is no different than any other Controller GET or POST endpoint in this respect). The only real downside to using Ajax that I can think of is having to dream up a bunch of endpoint names for all of the various functions I need to expose. The bigger issue is that using Ajax for this just smells wrong to me.
A collection of REST API endpoints, on the other hand, come with some nifty semantics that make code maintenance and testing a bit easier to manage. But from what I've read, RESTful calls don't understand the concept that the caller has previously authenticated itself and owns a cookie to prove that.
As you can tell, I'm new to the world of REST APIs. I may be totally wrong about my assumptions around authentication and REST APIs. If that problem really is easy to work around, could some kind person post a simple example to lead me on my way...