B. Token Authentication, User Mimicking
You may execute a login on behalf of a user and execute subsequent requests as that user (mimicking). Token authentication works by first executing a login with the user’s email address and password. The response will include an X-Zerista-Auth-Token header that you will include with subsequent requests. Each token expires 1 hour after its generation. After the token expires, you will need to execute another login with the user’s email address and password.
Login Request
POST https://{conference}.zerista.com/login/api
Parameters
| Parameter | Details |
|---|---|
| user[email] | User’s email address |
| user[password] | User’s password |
Response
A successful response will include the User’s object in the format you requested.
| HTTP Status Code | Description |
|---|---|
| 200 – OK | Success. |
| 401 – Unauthorized | Invalid login credentials. |
| 403 – Forbidden | Access denied. Account is disabled or locked. |
Subsequent Requests
For subsequent requests, include the X-Zerista-Auth-Token header with the value of the header from the login response. Do not sign the request.
Token Expiration
Every token expires 1 hour after generation. If a subsequent request returns a 401 – Unauthorized response, check for an X-Zerista-Auth-Token-Expired header. If this header is present, the token has expired and you must execute a new login request to obtain a new token. You may also execute a login request for a new token before the current token expires.
Logout Request
Executing the following request without any parameters (but including the token header) will destroy the token in the database, effectively logging out the user.
DELETE https://{conference}.zerista.com/login/api
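The full token lifecycle described above (login, token header on later requests, expiry handling, logout), as an added example that is not part of the Zerista documentation. The class name, the injectable `transport` function and form-encoded parameters are assumptions; the client logs in again only when a 401 carries the X-Zerista-Auth-Token-Expired header, and only once per request, so a rejected token never causes the password to be resubmitted in a loop.

```python
import urllib.error, urllib.parse, urllib.request

TOKEN_HEADER = "X-Zerista-Auth-Token"
EXPIRED_HEADER = "X-Zerista-Auth-Token-Expired"

def urllib_transport(method, url, headers, form):
    """Send one HTTPS request; return (status, lower-cased headers, body)."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read()
    except urllib.error.HTTPError as err:  # 401/403 arrive as exceptions
        return err.code, {k.lower(): v for k, v in err.headers.items()}, err.read()

class TokenSession:
    """Hypothetical helper: one user's token session for one conference."""

    def __init__(self, conference, email, password, transport=urllib_transport):
        self.base = f"https://{conference}.zerista.com"
        self._creds = {"user[email]": email, "user[password]": password}
        self._send, self.token = transport, None

    def login(self):
        status, headers, _ = self._send("POST", self.base + "/login/api", {}, self._creds)
        if status != 200 or TOKEN_HEADER.lower() not in headers:
            raise PermissionError(f"login failed: HTTP {status}")  # 401 bad creds, 403 locked
        self.token = headers[TOKEN_HEADER.lower()]

    def request(self, method, path, form=None):
        if self.token is None:
            self.login()
        for attempt in (1, 2):
            status, headers, body = self._send(
                method, self.base + path, {TOKEN_HEADER: self.token}, form)
            # Re-login only when the server reports expiry, and only once; any
            # other 401 goes back to the caller without resending the password.
            if status == 401 and EXPIRED_HEADER.lower() in headers and attempt == 1:
                self.login()
                continue
            return status, body

    def logout(self):
        if self.token is not None:
            self._send("DELETE", self.base + "/login/api", {TOKEN_HEADER: self.token}, None)
            self.token = None  # forget the local copy once the DELETE has been sent
```

Call `logout()` when the work on behalf of the user is finished so the token does not stay valid for the rest of its hour.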