Token authentication works by first executing a login with the user’s email address and password. The response will include an X-Zerista-Auth-Token header that you will include with subsequent requests. Each token expires 1 hour after its generation. After the token expires, you will need to execute another login with the user’s email address and password.
||User’s email address|
A successful response will include the User’s object in the format you requested.
| HTTP Status Code | Description |
|---|---|
| 200 – OK | Success. |
| 401 – Unauthorized | Invalid login credentials. |
| 403 – Forbidden | Access denied. Account is disabled or locked. |
For subsequent requests, include the X-Zerista-Auth-Token header with the value of the header from the login response. Do not sign the request.
Every token expires 1 hour after generation. If a subsequent request returns a 401 – Unauthorized response, check for an X-Zerista-Auth-Token-Expired header. If this header is present, the token has expired and you must execute a new login request to obtain a new token. You may also execute a login request for a new token before the current token expires.
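A client-side sketch of the token lifecycle described above, as an added example that is not Zerista's own code. It renews the token shortly before the 1-hour expiry, re-logs in and retries once only when a 401 carries the X-Zerista-Auth-Token-Expired header, and never retries a rejected login (which could lock the account). Assumptions: the `send` transport callable, the `LOGIN` placeholder path, the `email`/`password` parameter names, the `"true"` header value and the in-memory fake server are all constructed for illustration.

```python
import time

TOKEN_HEADER = "X-Zerista-Auth-Token"
EXPIRED_HEADER = "X-Zerista-Auth-Token-Expired"
TOKEN_TTL = 3600  # seconds; the page states tokens expire 1 hour after generation
LOGIN = "LOGIN_ENDPOINT"  # placeholder: the real login path is not given on the page

class AuthError(Exception): pass  # login rejected (401 or 403)

def header(headers, name):  # HTTP header names are case-insensitive
    return {k.lower(): v for k, v in headers.items()}.get(name.lower())

class TokenSession:
    def __init__(self, send, email, password, clock=time.monotonic, margin=60):
        # send(path, headers, params) -> (status, headers, body): assumed transport
        self._send, self._creds = send, {"email": email, "password": password}
        self._clock, self._margin = clock, margin
        self._token, self._issued = None, 0.0

    def login(self):
        status, headers, _ = self._send(LOGIN, {}, self._creds)
        token = header(headers, TOKEN_HEADER)
        if status != 200 or not token:
            raise AuthError(f"login failed with HTTP {status}")  # do not retry
        self._token, self._issued = token, self._clock()

    def request(self, path, params=None):
        age = self._clock() - self._issued
        if self._token is None or age >= TOKEN_TTL - self._margin:
            self.login()  # renew shortly before the 1-hour expiry
        resp = self._send(path, {TOKEN_HEADER: self._token}, params or {})
        if resp[0] == 401 and header(resp[1], EXPIRED_HEADER) is not None:
            self.login()  # server confirmed expiry: renew, then retry once
            resp = self._send(path, {TOKEN_HEADER: self._token}, params or {})
        return resp  # a 401 without the expired header is returned, not retried

def make_fake_server(clock):
    # Constructed in-memory stand-in for the API so the example runs offline
    issued, logins = {}, []
    def send(path, headers, params):
        if path == LOGIN:
            if params != {"email": "a@example.com", "password": "pw"}:
                return 401, {}, None
            logins.append(f"tok{len(logins) + 1}")
            issued[logins[-1]] = clock()
            return 200, {TOKEN_HEADER: logins[-1]}, None
        at = issued.get(header(headers, TOKEN_HEADER))
        if at is None or clock() - at >= TOKEN_TTL:
            return 401, ({} if at is None else {EXPIRED_HEADER: "true"}), None
        return 200, {}, "ok"
    return send, logins
```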
Executing the following request without any parameters (but including the token header) will delete the token from the database, effectively logging out the user.