Before start using API, you should authenticate to create a session.
Authentication:
There are 2 ways to start the session:
- Using your API key, login and password details;
- Using your API key, login and encrypted password details.
- API key, login and password details. The value of the encryptionKey parameter in the POST /session endpoint = false
- Here you should simply use the POST /session endpoint and mention the received in the platform’s Settings API key in the X-CAP-API-KEY header, login and password info in the identifier and password parameters. - API key, login and encrypted password details. The value of the encryptionKey parameter in the POST /session endpoint = true
- First of all you should use the GET /session/encryptionKey and mention the generated in the platform’s Settings API key in the X-CAP-API-KEY header. As a response you will receive the encryptionKey and timestamp parameters;
- Using the received encryptionKey and timestamp parameters you should encrypt your password using the AES encryption method.
- Go to the POST /session endpoint, set true value for the encryptionKey parameter and mention the received in the platform’s Settings API key in the X-CAP-API-KEY header, login and prior encrypted password info in the identifier and password parameters.
Upon starting the session you will receive the CST and X-SECURITY-TOKEN parameters in the response headers. Both of these tokens are to be used in the headers of every request you are sending.