The idea of removing csrf validation is workable, but i didn`t liked it. So i created custom plugin where i can get current csrf wtih Blesta PHP SDK:
$blestaApi->get( "custom.custom_api", "getCsrf" )->response()
The method is in /plugins/custom/models/custom_api.php file And here is the code:
<?php
class CustomApi extends AppModel {
/**
* Initialize
*/
public function __construct() {
parent::__construct();
Loader::loadHelpers($this, array("Form"));
}
public function getCsrf() {
return $this->Form->getCsrfToken('');
}
}
?>
It is better cause of two cases:
We still are using the csrf token
We can extend custom plugin to get more better integration with custom front-end website.
The rest task of website integration is matter of reading the documentation, and developing this custom plugin. Hope this will help.