So, here's an example of the set up. Let's say the external service is a simple RESTful API that logs some information a user can enter on their dashboards (via an extension). The user will simply fill in a text box, press submit, and the extension (embedded in the dashboards) will make an AJAX call to the external service.

Now, I want to verify that the user is who they are, since I want to ensure that the external service has correct logging in place. I could just attach the user's NTName, say, to the request, but that's very naughty and can be spoofed. Instead, since users are accessing dashboards hosted off Qlik Sense's Proxy service, this means they're authenticated and have a Qlik Sense session.

Now, how can I send some sort of token with the request from the dashboard to the external service, that will allow the external service to send the token to Qlik and for Qlik to respond whether or not that user making the request is who they say they are.

Is this possible?