@pwFoo I'm not sure I understand which forum was which in your reply. I think what you're asking is there is an API call in nodebb to validate a user, which there is, @ /api/login. It taks a POST with username/password/_csrf as the body variables (in json). If you're doing this cross site though, you'll need to accomplish the task of generating a csrf token. You can do this by making a GET to /api/login, which gives you a csrf token, make sure to then send the following login POST using that csrf token + the express_sid session cookie (session is tied to csrf token).
Hope that makes sense, or helps you at all. You could created a nodebb plguin that uses some express midlleware that would accomplish all of the above seamlessly. It's best to do in in the plugin where you can customize CORS and other settings on your endpoints for cross domain use.