Access to the API is secured through authentication tokens (as well as the use of HTTPS
as a protocol of communication).

A session must be initiated and authentication is required to establish a new session.
Error 401 (Unauthorised Access) is returned if an invalid or null session token
is presented.


The login API is used to obtain a token to open a session. This token must be used in
subsequent API calls.

  • If there is no activity for 15 minutes, the token expires and Error 401
    (Unauthorised) is returned when trying to perform further API calls. If so, login()
    must be performed again.
  • You can have many login() sessions open at the same time, but for best
    performance it is best to perform one call and do all activities in one session.
  • We recommend no more than 6 threads in a single session after login(). You can
    have more active threads (there is no limit), but performance will decline with
    more threads.

Parameters for this call must be passed inside the body to be accepted successfully. Calls
with parameters passed within the URL will be rejected with Error 415 (Unsupported
Media Type).