Start session
A session ID is requested via the sessions resource. To obtain one, send a POST request to the route /application/sessions with the username and password in the HTTP request body:
    {
        "username": "jdoe",
        "password": "2r5iq|!O%{o@?ApR1q%8"
    }
Please note: As the password is transferred in plain text, a secure connection (HTTPS) should be used.
The response text will be returned in the following JSON format:
    {
        "sessions": [{
            "userName": "jdoe",
            "sessionId": "ad21c2d0bf7e4bc130943e2004fdce03",
            "loginTime": "2017-08-25T14:20:18+02:00",
            "lastAction": "2017-08-25T14:20:18+02:00",
            "ip": "2a02:8071:891:6000:f16b:8d12:d771:e057",
            "sessionType": null,
            "sessionName": "PHPSESSID"
        }]
    }
If authentication succeeds, a session ID (sessionId) is returned. Together with the session name (sessionName), the client sends it as a cookie with subsequent requests. Once the requests have been made, the session can be finished.
If the user could not be identified based on the transferred data (e.g. due to incorrect login credentials), the request is rejected with the status code 401 and the message User is not authorized.
The session can be finished with the DELETE route /application/sessions. This destroys the session of the authenticated user.
On a successful sign-out, the status code 204 is returned.
Example
    // Client has been initialized already
    try {
        // Start session (authenticate user)
        $response = $client->post('application/sessions', [
            'json' => [
                'username' => 'jdoe',
                'password' => '2r5iq|!O%{o@?ApR1q%8',
            ],
        ]);

        // Determine session ID
        $sessionData = json_decode($response->getBody(), true);
        $sessionId = $sessionData['sessions'][0]['sessionId'];
        echo "Session ID: " . $sessionId;

        // ... further actions here ...

        // Finish session
        $response = $client->delete('application/sessions');
    } catch(Exception $e) {
        echo "Error: " . $e->getMessage();
    }

    // The same flow with PHP's cURL extension
    $data = '{
        "username": "jdoe",
        "password": "2r5iq|!O%{o@?ApR1q%8"
    }';
    $headers = [
        'Accept: application/json',
        'Content-Type: application/json',
    ];
    // HTTPS, because the password is transferred in plain text
    $url = 'https://example.org/jobrouter/api/rest/v2/application/sessions';

    // Start session (authenticate user)
    $curlHandle = curl_init();
    curl_setopt($curlHandle, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curlHandle, CURLOPT_URL, $url);
    curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curlHandle, CURLOPT_POST, 1);
    curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $data);
    // Store the session cookie so later requests can send it
    curl_setopt($curlHandle, CURLOPT_COOKIEJAR, 'path/to/cookie/file.cookie');
    $response = curl_exec($curlHandle);
    $code = curl_getinfo($curlHandle, CURLINFO_HTTP_CODE);
    if ($code === 201) {
        $response = json_decode($response, true);
        $sessionId = $response['sessions'][0]['sessionId'];
    } else {
        echo 'Error during authentication: ' . $code;
        var_export($response);
    }

    // ... further actions here ...
    // Please note that a curl_reset call may be necessary
    // to reset the cURL options before the next request call!

    // Finish session
    curl_reset($curlHandle);
    curl_setopt($curlHandle, CURLOPT_URL, $url);
    curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curlHandle, CURLOPT_CUSTOMREQUEST, 'DELETE');
    // Send the stored session cookie with the sign-out request
    curl_setopt($curlHandle, CURLOPT_COOKIEFILE, 'path/to/cookie/file.cookie');
    curl_exec($curlHandle);
    curl_close($curlHandle);
Please note: For larger projects, it makes sense to implement repetitive functions such as authentication and logout in separate classes or files.
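One way to follow that advice, as an added example that is not part of the original documentation or of JobRouter itself: a small class that refuses non-HTTPS base URLs, checks the 201/204 status codes, builds the sessionName=sessionId cookie and always signs out. The class name SessionClient, the $send transport callable (method, URL, headers, body in; [status code, body] out) and the stand-in server with its session ID are constructed for illustration; PHP 8.0 or later is assumed.

```php
<?php
// Added example (not JobRouter code); SessionClient and $send are hypothetical names.
final class SessionClient
{
    private ?string $cookie = null;
    public function __construct(private string $baseUrl, private Closure $send)
    {
        // The password is sent in plain text, so refuse anything but HTTPS.
        if (parse_url($baseUrl, PHP_URL_SCHEME) !== 'https') {
            throw new InvalidArgumentException('Base URL must use https');
        }
    }

    public function login(string $user, string $password): string
    {
        $body = json_encode(['username' => $user, 'password' => $password], JSON_THROW_ON_ERROR);
        [$code, $raw] = ($this->send)('POST', "$this->baseUrl/application/sessions", ['Content-Type: application/json'], $body);
        $session = $code === 201 ? (json_decode($raw, true)['sessions'][0] ?? null) : null;
        if (!isset($session['sessionName'], $session['sessionId'])) { // e.g. 401
            throw new RuntimeException("Authentication failed with status $code");
        }
        // Cookie for subsequent requests: sessionName=sessionId
        $this->cookie = $session['sessionName'] . '=' . $session['sessionId'];
        return $session['sessionId'];
    }

    public function logout(): void
    {
        [$code] = ($this->send)('DELETE', "$this->baseUrl/application/sessions", ['Cookie: ' . $this->cookie], '');
        $this->cookie = null; // drop the local copy whatever the server answered
        if ($code !== 204) {
            throw new RuntimeException("Sign out failed with status $code");
        }
    }
}
// Constructed stand-in for the server so the example runs offline.
$fake = function (string $method, string $url, array $headers, string $body): array {
    if ($method === 'DELETE') {
        return [in_array('Cookie: PHPSESSID=0123456789abcdef', $headers, true) ? 204 : 401, ''];
    }
    return [201, '{"sessions":[{"sessionId":"0123456789abcdef","sessionName":"PHPSESSID"}]}'];
};
$client = new SessionClient('https://example.org/jobrouter/api/rest/v2', $fake);
echo 'Session ID: ' . $client->login('jdoe', 'constructed-secret') . PHP_EOL;
try {
    // ... further actions here ...
} finally {
    $client->logout(); // always destroy the session, even if an action throws
}
```

In real use, $send would wrap the HTTP client of your choice; the finally block keeps an abandoned session from staying valid on the server after an error.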