Request
| Method | URL |
|---|---|
| POST | https://{domain}/api/account/{accountId}/login?v=1.3 |
Query parameters
| Parameter | Description | Type | Required | Notes |
|---|---|---|---|---|
| v | API version number | Number | Required | Default Value: 1.3 |
Headers
| Header | Description |
|---|---|
| Content-Type | Application/JSON |
| Accept | Application/JSON |
Body
Example:
{
"username": "name",
"password": "password"
}
Response
Response codes
| Code | Response |
|---|---|
| 200 | OK — Successfully logged in |
| 400 | Bad request — Problem with body or query parameters |
| 401 | Unauthorized — Bad Authentication (invalid site, agent, or credentials) |
| 429 | Too Many Requests — User attempted too many logins; retry after 5 seconds |
| 500 | Internal server error |
Response cookies
| Cookie | Description |
|---|---|
| Session_id | Login session ID (should be passed to the refresh and logout methods) |
The Bearer can be found at the bottom of the response.
Example:
{
"csrf": "d5d07326cfe2240b9453e19e8092c59844921dcdc6ebb105c55fea9ed45c9d77",
"wsuk": "766900772095619056",
"config": {
"loginName": "name",
"userId": "3705342610",
"userPrivileges": [
100,
101,
1730,
1731,
1732,
1733,
1734,
1735
],
"serverCurrentTime": 1474549184722,
"timeDiff": -25200000,
"serverTimeZoneName": "Europe/Athens",
"serverTimeGMTDiff": 10800000,
"isLPA": false,
"isAdmin": true,
"accountTimeZoneId": "Europe/Athens"
},
"csdsCollectionResponse": {
"baseURIs": [
{
"account": "123456",
"baseURI": "domain.domain.net",
"service": "smt"
},
{
"account": "123456",
"baseURI": "domain.domain.net",
"service": "agentVep"
}
]
},
"accountData": {
"agentGroupsData": {
"items": [
{
"id": -1,
"deleted": false,
"name": "Main Group"
}
],
"revision": 1
}
},
"sessionTTl": "28800000",
"bearer": "9cf6ee24b6a1031e202f292a0ad20c8f52bfd9f01abc8b9489365995052c6603"
}
The response contains csrf (should be saved and used in refresh and logout), bearer, wsuk, siteConfig, csdsCollectionResponse, accountData and sessionTTl.
Retries
See the retry policy for guidelines. Login requests should not be sent more than once every 5 seconds for any given user. Excessive requests will receive a "429 Too Many Requests" response. This response may include a "Retry-After" header whose value specifies the number of milliseconds to wait before the next login request should be attempted.