Authentication

There are two ways to authenticate yourself to consume the API methods.

Firstly, authentication is done with the use of the POST/api/Authenticate method. This API method creates a security token which should be presented in all subsequent requests to the API. The session will stay alive for 20 minutes; the idle timer will renew after every request.

Secondly, Authentication is done through the use of a valid username and password. Each API call should include these as HTTP header fields, together with another field called SystemInformation to identify the correct REST API system. For example using C#:

var URL = "https://api.abillity.co.uk/api/"; var urlParameters = "?api_key=123"; HttpClient client = new HttpClient(); client.BaseAddress = new Uri(URL + "site"); //making a site request // Add an Accept header for JSON format. client.DefaultRequestHeaders.Accept.Add( new MediaTypeWithQualityHeaderValue("application/json")); //Authentication headers client.DefaultRequestHeaders.Add("SystemInformation", "SYSTEM"); client.DefaultRequestHeaders.Add("username", "USERNAME"); client.DefaultRequestHeaders.Add("password", "PASSWORD");

 

Permissions

The data accessible through the API methods is dependant upon the permissions and access rights of the specified username. This will be set up by the API system administrator. For example, when agents request a GET company command then only their companies will be returned.