Token Authentication

Token authentication works by first executing a login with the user’s email address and password. The response will include an X-Zerista-Auth-Token header that you will include with subsequent requests. Each token expires 1 hour after its generation. After the token expires, you will need to execute another login with the user’s email address and password.

Login Request

[sourcecode language="text" light="true" autolinks="false"]
POST https://{conference}
[/sourcecode]


| Parameter | Details |
| --- | --- |
| user[email] | User’s email address |
| user[password] | User’s password |


A successful response will include the User’s object in the format you requested.

| HTTP Status Code | Description |
| --- | --- |
| 200 – OK | Success. |
| 401 – Unauthorized | Invalid login credentials. |
| 403 – Forbidden | Access denied. Account is disabled or locked. |

Subsequent Requests

For subsequent requests, include the X-Zerista-Auth-Token header with the value of the header from the login response. Do not sign the request.

Token Expiration

Every token expires 1 hour after generation. If a subsequent request returns a 401 – Unauthorized response, check for an X-Zerista-Auth-Token-Expired header. If this header is present, the token has expired and you must execute a new login request to obtain a new token. You may also execute a login request for a new token before the current token expires.

Logout Request

Executing the following request without any parameters (but including the token header) destroys the token in the database, effectively logging out the user.

[sourcecode language="text" light="true" autolinks="false"]
DELETE https://{conference}
[/sourcecode]
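
An added example, not part of the original documentation or Zerista's own code: a minimal Python client for the flow described above (login, token header on subsequent requests, one re-login when the expiry header is present, logout). The `send` transport hook, the class and method names, and the `login_url`/`logout_url` arguments are assumptions, because the page does not give the full endpoint paths; header names are assumed to arrive with the exact casing shown.

```python
import time

TOKEN_HEADER = "X-Zerista-Auth-Token"
EXPIRED_HEADER = "X-Zerista-Auth-Token-Expired"
TOKEN_TTL = 3600  # seconds; the page states tokens expire 1 hour after generation


class AuthError(Exception):
    """Login failed, or a request was rejected and a re-login cannot fix it."""


class TokenSession:
    """Keeps a token fresh. `send(method, url, headers, form)` -> (status, headers)
    is a hypothetical transport hook; `login_url`/`logout_url` are placeholders."""

    def __init__(self, send, login_url, logout_url, email, password, clock=time.monotonic):
        self._send, self._clock = send, clock
        self._login_url, self._logout_url = login_url, logout_url
        self._form = {"user[email]": email, "user[password]": password}
        self._token, self._issued = None, 0.0

    def login(self):
        status, headers = self._send("POST", self._login_url, {}, self._form)
        if status != 200 or TOKEN_HEADER not in headers:
            raise AuthError(f"login failed with HTTP {status}")  # 401/403: do not retry
        self._token, self._issued = headers[TOKEN_HEADER], self._clock()

    def request(self, method, url):
        # Renew slightly early rather than waiting for the server to reject the token.
        if self._token is None or self._clock() - self._issued > TOKEN_TTL - 60:
            self.login()
        status, headers = self._send(method, url, {TOKEN_HEADER: self._token}, None)
        if status == 401 and EXPIRED_HEADER in headers:
            self.login()  # expired server-side: one fresh login, one retry
            status, headers = self._send(method, url, {TOKEN_HEADER: self._token}, None)
        if status == 401:
            self._token = None  # drop the rejected token instead of replaying it
            raise AuthError("request rejected with 401; re-login did not apply or help")
        return status, headers

    def logout(self):
        if self._token is not None:
            self._send("DELETE", self._logout_url, {TOKEN_HEADER: self._token}, None)
            self._token = None  # do not keep a destroyed token in memory
```

Retrying only once, and only when the expiry header is present, keeps a bad password or a locked account (401/403 on login) from turning into a login loop.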
