Can a session token be generated in pure HTTP?


#1

Hi All

I want to simplify a few things for the coders and avoid headers. Can we create session tokens like this?

http://xxx.xxx.xx.xxx/api/v2/user/session?method=get&api_key=4d18fd67a5d1ffce16dxxxxxxxxxxxxxxxxx&email=user@myemail.com&password=user123&duration=20&accept=json

If so, why does the above not work? And also if so, can everything be done using only http?

Many thanks for all your help on this forum, it is great.

Charlie


URL Parameter "accept" not working?
#2

Take a look at:
http://wiki.dreamfactory.com/DreamFactory/API#API_Key

(Thanks @juniorconte for the tip.)


#3

I believe the answer to my question is currently “no” because according to this post parameters are not accepted in the url - only in the headers. Can someone correct me if I am mistaken?


#4

You are correct that your scenario is not workable.
To create a session, you must POST to user/session with a POST payload that includes the user’s email and password


#5

OK, no worries and with thanks. And then even if we have POSTed to get the session token we still cannot use a URL only because the params need to be in the header too right?


#6

You can pass the api key and session token in the URL as parameters rather than headers.
ex:http://myurl/api/v2/db/_table/todo?api_key=myapikey&session_token=mysessiontoken


#7

Thanks Drew, you are right, and I tested it. After the session token is generated, a heck of lot of data can be consumed in http without the need for posting headers. So as a simple url does the trick in most cases.