Each session is accessed via /api/session and has the following properties:
The unique id of the session. It will never change.
The uniq id of the user attached to this session.
An integer representing the number of times this session has been extended by interacting with the server.
The IP address from which this session was created.
In order to get more than the publicly available information, you'll need to authenticate and get a session id. The methods detailed herein will help you with that.
Authenticates a user by username and password.
POST /api/session
NOTE: Only developers can log in using this interface. To have regular users log in through your application you must use the Single Sign On interface.
The username of a user already in the system. Required.
The corresponding password of the user who's username was specified. Required.
See APIKey. Required.
Returns:
{
"id" : "xxx",
"wing_object_type" : "session",
"user_id" : "xxx",
...
}
See User for complete details about what's contained in a user object.
Destroys a session, to ensure no one else can use it.
DELETE /api/session/xxx
Returns:
{
"success" : 1
}
Returns the properties of a session.
GET /api/session/xxx
Returns:
{
"id" : "xxx",
"wing_object_type" : "session",
"user_id" : "xxx"
}
Using an APIKey you can ask for permissions so that you can authenticate on behalf of a user through single-sign-on (SSO). Read the details in APIKey first. Then you can request a session using your sso_id like so:
POST /api/session/sso/xxx
The private key generated when you create an APIKey
Returns:
{
"id" : "xxx",
"wing_object_type" : "session",
"user_id" : "xxx",
...
}