Creating a Session
POST /sessionIntroduction
Creates a session and issues a token, or refreshes the token using the refresh token.
When issuing an API command, specify the Token obtained by this command in the Authorization Header.
The token you created is valid for 30 minutes. This value cannot be extended even if the API command is issued.
The refresh token you created is valid for 10 hours.
HTTP status code 401 is returned if the user_name, password, or refresh_token is incorrect or if the password has expired.
Request Examples
The following shows an example where a Session is created with User = "USERNAME" and Password = "PASSWORD".
$ curl -i -H "Content-Type:application/json" -X POST "https://192.168.1.1:5665/api/v1/session" -d '{"user_name":"USERNAME","password":"PASSWORD"}'If a refresh token is issued when a session is created, you can use that refresh token to issue a token. This is an example of issuing a refresh token when creating a session.
$ curl -i -H "Content-Type:application/json" -X POST "https://192.168.1.1:5665/api/v1/session" -d '{ "grant_type":"password", "user_name":"USERNAME", "password":"PASSWORD" "is_refresh_token_required": true }'This is an example of reissuing a token using the refresh token.
$ curl -i -H "Content-Type:application/json" -X POST "https://192.168.1.1:5665/api/v1/session" -d '{ "grant_type":"refresh_token", "refresh_token": "q12e8uirwEoHuhkP01Bsoq.." }'
Response Examples
{
"session_id":100001,
"token":"EPReqpfudadf38193hfa39..",
"lifetime":1800,
"refresh_token":"3fhaafdAUerUAWErU3i22A.."
}After obtaining a Token, specify the Token in the Authorization Header of the API command to issue the command.
The following is an example that uses the curl command to obtain the session information using the token obtained in the above example.
$ curl -i -H "Authorization: Bearer g17e4umvwYoHuhkG7yCSee.." -X GET "https://192.168.1.1:5665/api/v1/session/100001"Parameters
REQUEST BODY
| grant_type | string Default: password Permission type. Select whether to create a new session and issue a token, or to refresh the token using the refresh token.
|
||||||
| user_name | string User Name. This item is required if grant_type is set as "password" or is omitted. Input criteria:
|
||||||
| password | string Password. This item is required if grant_type is set as "password" or is omitted. Input criteria:
|
||||||
| is_refresh_token_required | boolean Whether a refresh token is issued when a session is created. If true is specified, a refresh token is issued to reissue a token without specifying the User Name and Password. Input criteria:
Caution
If a refresh token is issued, you are kept logged in until the refresh token expires. After using a refresh token, delete the session immediately. |
||||||
| refresh_token | string Refresh token. This item must be specified if grant_type is set as refresh_token. Input criteria:
Caution
|
Responses
If the creation is successful, the HTTP status code will be 200 (OK) and the response body will respond.
RESPONSE BODY
| session_id | integer Session ID. |
| token | string Token. The authentication information used to identify the user. Specify this Token in the Authorization Header when issuing API commands. |
| lifetime | integer The remaining validity period of the token. The unit is seconds. If a refresh token is not issued, this period is identical to the time remaining before the session is automatically deleted. |
| refresh_token | string Refresh token. This is the authentication information used to reissue a new token without specifying the User Name and Password. This item is returned if grant_type is set as refresh_token or if is_refresh_token is set as true. |