How to create a REST API session
 
An authenticated REST session must be created before API requests can be sent or received. Use a REST client to create a REST API session to interface with the software.
A REST client of some type is required.
Supported languages
A way to accept the self-signed certificate
Knowledge of your base URI
Video 1: Creating a session
Creating a REST API session is similar to logging in using a web browser. The only difference is that a web browser (in the typical sense) is never used. Instead, you need an application capable of sending and receiving HTTP requests: a REST client. REST clients are different from web browsers, although some REST clients are built on top of web browsers like Chromium because they share interchangeable parts. Your institution, or contractor if you hired one, might be using a proprietary or unique REST client, but the underlying workings are the same for each. As we documented our REST API, we experimented with a few different REST clients, including cURL. Ultimately, the Postman REST client was our favorite, and it was used to create our code samples and examples in these documents.
To create a REST API session:
1. Create a POST request.
a. Point the POST request to base-uri/session.
b. Set the Accept header to application/json or application/xml.
c. Set the Content-Type header to application/json.
Note: The only content type accepted for creating a REST API session is JSON.
d. Populate the request body with a JSON object named session that contains username and password fields set to a valid user name and password.
Figure 1:

{
    "session" : {
        "username" : "julia",
        "password" : "birdwatcher25"
    }
}
Tip! Your user name and password are never sent in clear text. Every request and response uses TLS.
For Observer Analyzer trace extractions, the username must be admin if Observer is not managed by OMS; otherwise, it is your OMS user name.
The password is your OMS password if using an OMS user; otherwise, it is the Observer GigaStor probe administration password that was set in Observer. If a password was not set, then use an empty string ("").
When logging in to an Apex system (full license) managed by OMS:
You are being asked for OMS user credentials.
Use your OMS user name and password.
Depending on your OMS authentication settings, this could be your Active Directory, LDAP, RADIUS, or TACACS+ logon credentials—or the OMS local user list.
When logging in to an Apex system (full license) not managed by OMS:
You are being asked for Apex user credentials.
Use a user name and password that was set up in Apex.
You may also try admin/admin if the admin password was never changed.
2. Send the POST request to base-uri/session.
If your request is denied, ensure you have accepted the self-signed certificate.
The REST API replies with a 200 OK code if successful. If you receive the 200 OK, you successfully created a REST API session. The session must now be invoked with each subsequent request you make. This is done using the Cookie header that you will create.
3. Create another header named Cookie to place alongside Content-Type and Accept.
4. Examine the response body for a string or cookie containing SessionApexId that leads to a long string of characters.
Example: The full string might look like this: 14967b34a4c611523116fd. This is your session ID.
5. Set the Cookie header to SessionApexId=14967b34a4c611523116fd, replacing the example string of characters with the one you extracted from your POST response.
Your session may automatically time out. See Sessions automatically time out after inactivity.
 
You successfully created a REST API session. You sent a POST request with a user name and password, and the REST API responded with a 200 OK and a session ID. The session ID must be used for all subsequent requests. The session lasts until it times out from inactivity or is ended with a DELETE request on base-uri/session.
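The procedure above as a Python client, added here as an example and not taken from the product's own code samples: it trusts only the exported self-signed certificate instead of disabling verification, prompts for the password rather than storing it, and ends the session with DELETE. The function names, the placeholder base URI, the certificate file name, and the two assumed shapes in which SessionApexId appears in the response are assumptions.

```python
import getpass
import json
import re
import ssl
import urllib.request

JSON_HEADERS = {"Accept": "application/json", "Content-Type": "application/json"}

def build_login(base_uri, username, password):
    """Steps 1a-1d: POST base-uri/session with a JSON 'session' object."""
    body = json.dumps({"session": {"username": username, "password": password}})
    return urllib.request.Request(f"{base_uri}/session", data=body.encode(),
                                  headers=JSON_HEADERS, method="POST")

def extract_session_id(text):
    """Step 4: find SessionApexId in a Set-Cookie value or the response body.
    Assumed shapes (constructed): 'SessionApexId=<id>' or '"SessionApexId": "<id>"'."""
    match = re.search(r"SessionApexId\W+([0-9A-Za-z]+)", text)
    if match is None:
        raise ValueError("no SessionApexId in response; login likely failed")
    return match.group(1)

def session_headers(session_id):
    """Steps 3 and 5: Cookie header sent alongside Accept and Content-Type."""
    return {**JSON_HEADERS, "Cookie": f"SessionApexId={session_id}"}

def build_logout(base_uri, session_id):
    """End the session explicitly instead of waiting for the inactivity timeout."""
    return urllib.request.Request(f"{base_uri}/session", method="DELETE",
                                  headers=session_headers(session_id))

def create_session(base_uri, username, password, cert_pem):
    """Step 2: send the login over TLS, trusting only the exported certificate.
    Verification stays on, so the certificate name must match the host in base_uri."""
    ctx = ssl.create_default_context(cafile=cert_pem)
    with urllib.request.urlopen(build_login(base_uri, username, password),
                                context=ctx, timeout=10) as resp:
        text = (resp.headers.get("Set-Cookie") or "") + "\n" + resp.read().decode()
    return extract_session_id(text), ctx

if __name__ == "__main__":
    base = "https://apex.example.test/api"  # placeholder base URI (assumption)
    user = input("User name: ")
    sid, ctx = create_session(base, user, getpass.getpass(), "appliance-cert.pem")
    try:
        print("Session created; send requests with session_headers(sid).")
    finally:
        urllib.request.urlopen(build_logout(base, sid), context=ctx, timeout=10).close()
```

Treat the session ID like a password: keep it out of logs and shell history, since anyone holding it can act as the logged-in user until the session ends.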
 
 
Upon successful creation of a REST API session, the full response body might look similar to this:
Figure 2:
Sessions automatically time out after inactivity
For security reasons, sessions automatically close after a period of inactivity.
 
| Product | Details |
| --- | --- |
| Apex | A session timeout is optional. If set, sessions automatically close after a user configurable amount of time. See Apex General Settings. |
| GigaStor | All sessions automatically close after 10 minutes of inactivity. This value is not configurable. |
| OMS | A session timeout is optional. If set, sessions automatically close after a user configurable amount of time. See How to configure how user accounts authenticate. The default is 0, which means that the session never times out. |