1 files changed, 21 insertions, 8 deletions

diff --git a/core/API/Request.php b/core/API/Request.php
index b6d5f09f2a..c0ad14d5fc 100644
--- a/core/API/Request.php
+++ b/core/API/Request.php
@@ -87,7 +87,7 @@ class Piwik_API_Request
 		$outputFormat = strtolower(Piwik_Common::getRequestVar('format', 'xml', 'string', $this->request));
 		
 		// create the response
-		$response = new Piwik_API_ResponseBuilder($this->request, $outputFormat);
+		$response = new Piwik_API_ResponseBuilder($outputFormat, $this->request);
 		
 		try {
 			// read parameters
@@ -101,13 +101,7 @@ class Piwik_API_Request
 			}
 			$module = "Piwik_" . $module . "_API";
 
-			// if a token_auth is specified in the API request, we load the right permissions
-			$token_auth = Piwik_Common::getRequestVar('token_auth', '', 'string', $this->request);
-			if($token_auth)
-			{
-				Piwik_PostEvent('API.Request.authenticate', $token_auth);
-				Zend_Registry::get('access')->reloadAccess();
-			}
+			self::reloadAuthUsingTokenAuth($this->request);
 			
 			// call the method 
 			$returnedValue = Piwik_API_Proxy::getInstance()->call($module, $method, $this->request);
@@ -120,6 +114,25 @@ class Piwik_API_Request
 	}
 
 	/**
+	 * If the token_auth is found in the $request parameter, 
+	 * the current session will be authenticated using this token_auth.
+	 * It will overwrite the previous Auth object.
+	 * 
+	 * @param $request If null, uses the default request ($_GET)
+	 * @return void
+	 */
+	static public function reloadAuthUsingTokenAuth($request = null)
+	{
+		// if a token_auth is specified in the API request, we load the right permissions
+		$token_auth = Piwik_Common::getRequestVar('token_auth', '', 'string', $request);
+		if($token_auth)
+		{
+			Piwik_PostEvent('API.Request.authenticate', $token_auth);
+			Zend_Registry::get('access')->reloadAccess();
+		}
+	}
+	
+	/**
 	 * Returns array( $class, $method) from the given string $class.$method
 	 * 
 	 * @return array