In order to access any of the APIs, a few valid items are prerequisite:

  • Username
  • Password
  • Session Information (session_name and sessid)
  • X-CSRF-Token

The following describes how to use and maintain these items.

Initial Contact: Login 

If this is a net new communication with, the first step is to establish a session with the site framework. Using the username and password creation during registration (don't have one? get one now), provide those details within the Login service call.

If this was successful, the return should include some vital pieces of information required for future service calls:

  • Session Information (session_name and sessid)
  • X-CSRF-Token

Each of this bits of data are now required for future service calls since this will positively idenfity the user which is attemting to interact with the service calls. 

Constructing the Necessary Headers

Using the bits of data returned from the login service call, there are two headers required on each service call:

  • Cookie
  • X-CSRF-Token

Each are constructed differently.


The cookie is made up of two parts, the session_name and the sessid: session_name=sessid

When constructing the Cookie, concatenate these necessary data bits.


For this header simply provide the token sent back during a successful login. If this token is lost or needs to be refreshed, the Token Retrieval service call will provide the necessary means. The Cookie information will be required for that operation.


For example, the headers sent in during a service call might look like the following:

'Cookie': 'SESS23453efw3trcasdcweqrt3wt=34c2c3t542t4c23t5232345vh'
'X-CSRF-Token': 'dsafgsdgfs43t4354g452g24g54gtAASDF'
Display Order: