Authentication
Authentication against the API is performed using the credentials of a normal MONITOR user. This lets the API act on the system as a normal user would, with change-track logging, etc.
Request
Below is an example authentication request.
POST /{languageCode}/{companyNumber}/login HTTP/1.1
Host: {host}:8001
Content-Type: application/json
Cache-Control: no-cache
Accept: application/json

{
  "Username": "EXAMPLE",
  "Password": "passwd",
  "ForceRelogin": true
}
ForceRelogin
Setting the ForceRelogin parameter to true will close all other active sessions for the given user.
Response
Success
Below is an example response received after a successful login attempt.
HTTP/1.1 200 OK
Content-Type: application/json
...
X-Monitor-SessionId: d497f3b1-a91a-4436-9ccd-45dc8c2eba79

{
  "$id": "1",
  "$type": "Monitor.ComponentModel.Rest.LoginResponse, Monitor.ComponentModel"
}
The response body of the request can be ignored as it only contains some serializer metadata. The important part of the response is the X-Monitor-SessionId header. Put the value of the header aside, as this is the identifier you will use to authenticate your requests.
To authenticate a request with your session id, simply attach an X-Monitor-SessionId header to your request with the value of the identifier that you pulled from the authentication response.
Failure
In case of a login failure, the response would look as follows.
HTTP/1.1 403 Forbidden
Content-Type: application/json

"User login failed"
This typically occurs if the username or password is invalid.
Remarks
Authentication with the API is valid per company, which means that you cannot carry over your authenticated session from one company to another.
You may only have one active session per user at a time.
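The login flow and the per-company remark above, as an added Python example (not MONITOR's own client code). The MonitorSession and LoginFailed names and the base_url argument (scheme, host and port, for example "https://host:8001") are assumptions made for illustration; the session id is treated as a credential and kept out of repr output.

```python
import json
import urllib.error
import urllib.request

class LoginFailed(Exception):
    """Login answered 403, or the response carried no session header."""

class MonitorSession:
    # Hypothetical helper, not part of the MONITOR API; base_url is an assumption.
    def __init__(self, base_url, language_code, company_number,
                 opener=urllib.request.urlopen):
        self.prefix = f"{base_url}/{language_code}/{company_number}"
        self._open = opener        # injectable so the flow can be exercised offline
        self._session_id = None    # acts as a credential: never log or print it

    def login(self, username, password, force_relogin=False):
        # force_relogin=True closes the user's other active sessions, so it is
        # opt-in here rather than the default.
        body = json.dumps({"Username": username, "Password": password,
                           "ForceRelogin": force_relogin}).encode()
        req = urllib.request.Request(
            f"{self.prefix}/login", data=body, method="POST",
            headers={"Content-Type": "application/json",
                     "Accept": "application/json", "Cache-Control": "no-cache"})
        try:
            with self._open(req) as resp:
                session_id = resp.headers.get("X-Monitor-SessionId")
        except urllib.error.HTTPError as err:
            if err.code == 403:
                raise LoginFailed("login rejected (403)") from None
            raise
        if not session_id:
            raise LoginFailed("no X-Monitor-SessionId header in response")
        self._session_id = session_id

    def build_request(self, path, method="GET"):
        """Return a Request under this company's prefix with the session header."""
        if self._session_id is None:
            raise LoginFailed("not logged in")
        # A session is valid for one company only: refuse absolute URLs and
        # ".." segments that would send the header outside this prefix.
        if not path.startswith("/") or ".." in path.split("/"):
            raise ValueError("path must be relative to the company prefix")
        return urllib.request.Request(
            self.prefix + path, method=method,
            headers={"X-Monitor-SessionId": self._session_id,
                     "Accept": "application/json"})

    def __repr__(self):
        return f"MonitorSession({self.prefix!r}, logged_in={self._session_id is not None})"
```

A second company needs its own MonitorSession and its own login call; read the password from a secret store or environment variable rather than hard-coding it as the request example does.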