
The manual for the JobRouter developer


Authentication with Session ID


Start session

A session ID is requested via the sessions resource. To do so, call the POST route /application/sessions with the username and password in the HTTP request body:

{
    "username": "jdoe",
    "password": "2r5iq|!O%{o@?ApR1q%8"
}

Please note: As the password is transferred in plain text, a secure connection (HTTPS) should be used.

The response text will be returned in the following JSON format:

{
    "sessions": [{
        "userName": "jdoe",
        "sessionId": "ad21c2d0bf7e4bc130943e2004fdce03",
        "loginTime": "2017-08-25T14:20:18+02:00",
        "lastAction": "2017-08-25T14:20:18+02:00",
        "ip": "2a02:8071:891:6000:f16b:8d12:d771:e057",
        "sessionType": null,
        "sessionName": "PHPSESSID"
    }]
}

On successful authentication, a session ID (sessionId) is returned. The client sends it, together with the session name (sessionName), as a cookie with subsequent requests. Once the requests have been made, the session can be finished.

If the user cannot be identified from the transferred data (e.g. because of incorrect login credentials), the request is rejected with the status code 401 and the message User is not authorized.

Finish session

The session can be finished with the DELETE route /application/sessions. This destroys the session of the authenticated user.

In case of a successful sign out the status code 204 is returned.

Example

guzzlehttp

// Client has been initialized already. Guzzle only sends the session cookie
// on later requests if the client was created with 'cookies' => true.

try {
    // Start session (authenticate user)
    $response = $client->post('application/sessions', [
        'json' => [
            'username' => 'jdoe',
            'password' => '2r5iq|!O%{o@?ApR1q%8',
        ],
    ]);

    // Determine session ID
    $sessionData = json_decode($response->getBody(), true);
    $sessionId = $sessionData['sessions'][0]['sessionId'];
    echo "Session ID: " . $sessionId;

    // ... further actions here ...

    // Finish session
    $response = $client->delete('application/sessions');
} catch (Exception $e) {
    echo "Error: " . $e->getMessage();
}

cURL

$data = '{
        "username": "jdoe",
        "password": "2r5iq|!O%{o@?ApR1q%8"
    }';

$headers = [
    'Accept: application/json',
    'Content-Type: application/json',
];

// HTTPS, because the password is transferred in plain text in the request body
$url = 'https://example.org/jobrouter/api/rest/v2/application/sessions';

// Start session (authenticate user)
$curlHandle = curl_init();
curl_setopt($curlHandle, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curlHandle, CURLOPT_URL, $url);
curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curlHandle, CURLOPT_POST, 1);
curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $data);
// The session cookie returned by the server is stored in this file
curl_setopt($curlHandle, CURLOPT_COOKIEJAR, 'path/to/cookie/file.cookie');

$response = curl_exec($curlHandle);

$code = curl_getinfo($curlHandle, CURLINFO_HTTP_CODE);

if ($code === 201) {
    $response = json_decode($response, true);
    $sessionId = $response['sessions'][0]['sessionId'];
} else {
    echo 'Error during authentication: ' . $code;
    var_export($response);
}

// ... further actions here ...
// Please note that a curl_reset call may be necessary
// to reset the cURL options before the next request call!

// Finish session
curl_reset($curlHandle);
curl_setopt($curlHandle, CURLOPT_URL, $url);
curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curlHandle, CURLOPT_CUSTOMREQUEST, 'DELETE');
curl_setopt($curlHandle, CURLOPT_COOKIEFILE, 'path/to/cookie/file.cookie');

curl_exec($curlHandle);

// curl_close() requires the handle as its argument
curl_close($curlHandle);

Please note: For larger projects, it makes sense to implement repetitive functions such as authentication and logout in separate classes or files.
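
One way to factor login and logout into reusable functions, as the note above suggests (an added example, not code from the JobRouter manual). It rejects non-HTTPS URLs, reads the credentials from the environment instead of the source file, builds the cookie from sessionName and sessionId, and always finishes the session in a finally block. The function names jrRequest and jrLogin and the environment variables JOBROUTER_SESSIONS_URL, JOBROUTER_USER and JOBROUTER_PASSWORD are assumptions.

```php
<?php
// Added example, not JobRouter code; function and environment variable names are assumptions.
function jrRequest(string $method, string $url, ?array $json = null, string $cookie = ''): array
{
    // The password travels in the request body, so refuse anything but HTTPS.
    if (strcasecmp((string) parse_url($url, PHP_URL_SCHEME), 'https') !== 0) {
        throw new InvalidArgumentException('URL must use https://');
    }
    $handle = curl_init($url);
    $options = [
        CURLOPT_CUSTOMREQUEST  => $method,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // allow only HTTPS for this transfer
        CURLOPT_HTTPHEADER     => ['Accept: application/json', 'Content-Type: application/json'],
    ];
    if ($json !== null) {
        $options[CURLOPT_POSTFIELDS] = json_encode($json);
    }
    if ($cookie !== '') {
        $options[CURLOPT_COOKIE] = $cookie; // "<sessionName>=<sessionId>"
    }
    curl_setopt_array($handle, $options);
    $body = curl_exec($handle);
    $code = curl_getinfo($handle, CURLINFO_HTTP_CODE);
    curl_close($handle);
    return [$code, is_string($body) ? json_decode($body, true) : null];
}

function jrLogin(string $sessionsUrl, string $user, string $password): string
{
    [$code, $data] = jrRequest('POST', $sessionsUrl, ['username' => $user, 'password' => $password]);
    $session = $data['sessions'][0] ?? null;
    if ($code !== 201 || !isset($session['sessionId'], $session['sessionName'])) {
        throw new RuntimeException("Authentication failed with status $code");
    }
    return $session['sessionName'] . '=' . $session['sessionId'];
}

// e.g. https://example.org/jobrouter/api/rest/v2/application/sessions
$url = getenv('JOBROUTER_SESSIONS_URL');
if ($url !== false) {
    $cookie = jrLogin($url, (string) getenv('JOBROUTER_USER'), (string) getenv('JOBROUTER_PASSWORD'));
    try {
        // ... further actions here, sending $cookie with each request ...
    } finally {
        // Always destroy the server-side session, even if an action above threw.
        [$code] = jrRequest('DELETE', $url, null, $cookie);
        echo $code === 204 ? "Signed out\n" : "Sign-out returned status $code\n";
    }
}
```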