Login

POST login
obtains a new ticket from sign-on service
DELETE logout
invalidates a user sign-on ticket
GET check
validates a user sign-on ticket

The login operation requires two mandatory parameters: username and password. An optional parameter is a note that may store auxiliary data related to the concrete session. For instance, you can store the user's IP address or browser ID in the note.

The result of the login is a ticket represented by a LoginSession object. It includes:

  • Created (date)
  • Note
  • List of roles
  • Token
  • Username
  • Valid until (date)
  • User id

The most important fields are Token and Valid-until. The first one is used as a ticket (secret) number for various API calls. Valid-until defines the expiration interval of the ticket. This interval is updated whenever the ticket is used in API calls. On the other hand, the ticket cannot be valid forever, so the Valid-until attribute may not be updated for very old tickets (the concrete settings depend on the server configuration). If the ticket has expired, API calls will not accept it and you must generate a new one with a new invocation of login.

The ticket (token) can be checked with the check operation; the result is an updated LoginSession object.

If you no longer need the user session, use the logout operation to destroy the ticket, i.e. the LoginSession object.

Example

POST /sn/rest/api/login with form attributes "u" (username), "p" (password) and "n" (note). The same three attributes are the last three path segments of the GET operation, which is also supported by the current API, i.e. you can use GET /sn/rest/api/login/test1@test.domain/password/Java-client for the same action if your implementation has trouble using the proper POST method with form data. The GET variant places the password in the URL path, where web servers and proxies commonly record it in access logs, so prefer POST wherever possible.

{"loginSession":
    {
        "created":"2015-07-14T15:40:52.738+02:00",
        "id":35,
        "idUser":3,
        "note":"[0:0:0:0:0:0:0:1 GET] Java-client",
        "roleArray":[],
        "token":"949d584b-c180-4f72-8845-bdfc5ba19402",
        "username":"test1@test.domain",
        "validUntil":"2015-07-14T18:40:52.738+02:00"
    }
}

The check operation updates the validity of the ticket: GET /sn/rest/api/949d584b-c180-4f72-8845-bdfc5ba19402

{"loginSession":
    {
        "created":"2015-07-14T15:40:52.738+02:00",
        "id":35,
        "idUser":3,
        "note":"[0:0:0:0:0:0:0:1 GET] Java-client",
        "roleArray":[],
        "token":"949d584b-c180-4f72-8845-bdfc5ba19402",
        "username":"test1@test.domain",
        "validUntil":"2015-07-14T18:46:51.581+02:00"
    }
}

You can see that the Valid-until attribute is modified. After logout (DELETE /sn/rest/api/949d584b-c180-4f72-8845-bdfc5ba19402), the check operation just returns HTTP 204 "No content".

These three steps can be easily implemented using our RestClient class as described in System-to-User API:

try (RestClient client = new RestClient("https://sensnet.cythres.cz/sn/rest")) {
    // login
    LoginSessionNoJpa session = client.login("test1@test.domain", "password", "Java-client");
    System.out.println(session.toString());

    // check: validates the ticket and returns the updated session
    session = client.check(session);

    // logout: destroys the ticket
    boolean result = client.logout(session);
    System.out.println(result);
}
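
For clients that cannot use RestClient, the following added example (not part of the project's code) builds the login as a POST form request with the JDK's own HttpClient API and interprets a check response, treating HTTP 204 or a past Valid-until as "log in again". The class and method names (TicketClientSketch, loginRequest, usableUntil) are hypothetical, the sample responses are constructed from the JSON shown above, and the regex-based field extraction is a simplification standing in for a JSON library.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.time.OffsetDateTime;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TicketClientSketch {
    // Base URL taken from the RestClient example on this page.
    static final String BASE = "https://sensnet.cythres.cz/sn/rest";
    // Simplified extraction of validUntil; a real client would use a JSON parser.
    static final Pattern VALID_UNTIL = Pattern.compile("\"validUntil\"\\s*:\\s*\"([^\"]+)\"");

    // Login as POST with form fields u, p, n: the password travels in the body, not in the URL path.
    static HttpRequest loginRequest(String user, String password, String note) {
        String form = "u=" + enc(user) + "&p=" + enc(password) + "&n=" + enc(note);
        return HttpRequest.newBuilder(URI.create(BASE + "/api/login"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form))
                .build();
    }

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // Interprets a check response. HTTP 204 is what check returns after logout;
    // HTTP 200 carries a LoginSession whose validUntil must still lie in the future.
    static Optional<OffsetDateTime> usableUntil(int status, String body, OffsetDateTime now) {
        if (status != 200 || body == null) return Optional.empty();
        Matcher m = VALID_UNTIL.matcher(body);
        if (!m.find()) return Optional.empty();
        OffsetDateTime until = OffsetDateTime.parse(m.group(1));
        return until.isAfter(now) ? Optional.of(until) : Optional.empty();
    }

    public static void main(String[] args) {
        HttpRequest req = loginRequest("test1@test.domain", "password", "Java-client");
        System.out.println(req.method() + " " + req.uri()); // URI carries no credentials

        // Constructed sample response, modelled on the check output shown above.
        String body = "{\"loginSession\":{\"token\":\"949d584b-c180-4f72-8845-bdfc5ba19402\","
                + "\"validUntil\":\"2015-07-14T18:46:51.581+02:00\"}}";
        OffsetDateTime before = OffsetDateTime.parse("2015-07-14T16:00:00+02:00");
        OffsetDateTime after = OffsetDateTime.parse("2015-07-14T19:00:00+02:00");
        System.out.println(usableUntil(200, body, before).isPresent()); // ticket still usable
        System.out.println(usableUntil(200, body, after).isPresent());  // expired: log in again
        System.out.println(usableUntil(204, null, before).isPresent()); // logged out: log in again
    }
}
```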