Authentication may also be handled through a session mechanism. This removes the need to supply username and password information for each request. To begin a session add a parameter gologin
with any value to the request along with the standard username and password. The server will set two cookies, session_user_name
and session_hash
.
The session_user_name
cookie contains the username established at the beginning of the session. The session_hash
contains the short term security token for the session. Subsequent API requests now be authenticated by including these values in the request, username and password are not required. These values may be supplied as either cookies or HTTP POST or GET variables.
The session_hash token will expire after a preset length of time, usually 2 hours, this may vary. Each request will update the value of the session_hash and it’s expiration. To maintain the session the client needs to provide the updated session_hash
. Sessions may be maintained indefinitely by making periodic requests and supplying the updated session_hash
token.
If the format
parameter has been specified as ‘xml’ then the returned content will be an XML API error message with code 109. Otherwise the content is HTML, similar to a typical HTTP server authentication required message.