Table of Contents
Sessions
Sessions are used to authenticate subsequent request from a client. For the created session the client receives a token. This should be provided in the HTTP header X-Authentication for the following requests. The server can check with that token of the client authenticated before, and is also able to retrieve the user-id of that user from memory. The session should time out if no request occurs for a defined time.
Session information can be stored in PHP APCu for persistence between calls. While this approach requires the PHP-APCu extension to be present it does not rely on the PHP Session and is therefore also possible for clients which do not handle cookies.
Add a new session
POST /sessions
The provided token should be 64 byte (512-bit) of cryptographic strong entropy, encoded with base64.
Body
{
"username": "foo",
"password": "bar"
}
Response
| code | result |
|---|---|
| 201 | Everything okay, session was created |
| 403 | User credentials are not correct |
| 422 | One of the required fields is missing |
{
"username": "foo",
"token": "3X6x4Osgm1rFuujAv6fqf0O/ITlXJ3ChlvKdEnUy/kNZ/Dlzzr2sZ6OalqkFYRrgSulyL0e4E7DJf4NW35mpyQ=="
}
Delete Session (Log out)
| code | result |
|---|---|
| 204 | Everything okay, therefore the answer has not content |
| 404 | Session was not found |
DELETE /sessions/{token}