Page tree
Skip to end of metadata
Go to start of metadata

The session API is located in the editor module, it enables authentication to translate5 via API.

Provides actions about the authenticated user

User sessions can be created / deleted by this API. Also some status information to the authenticated user can be retrieved.

URL:

/editor/session/[SESSION_ID]

Available Methods:

GET/POST/DELETE

Specialities:

See below

POST Request

The POST requests needs the following two parameters either as data object or plain form parameters:

Name

Type

Info

login

string

The user to be authenticated.

passwd

string

The passwd of the user to be authenticated.

taskGuidstringOptional: The taskGuid of the task which should be opened for the user.

POST resulting resource layout

Returns HTTP 200 when login was successful, 400 when parameters are missing, 403 when credentials were wrong.
When using the optional parameter taskGuid, 404 can happen when the task to the given taskGuid can not be found. When the user is no PM user and it is not associated to the task, also a 403 is triggered.

A successful result looks like:

Name

Type

Info

sessionId

string

the sessionId of the newly created session, can be used directly for further API communication.

The given sessionId is essential for further usage of other requests to the API, see below in the section API Usage.

sessionToken

string

A one time usable token which can be passed to the users browser for overtaking the created session.

For example: Users are administered by your software, translate5 is just embedded.
Users authenticate themselves on your system, your system authenticates them via API at translate5.
Your system then provides a link containing the sessionToken parameter:
  /editor?sessionToken=RECEIVED_TOKEN
After clicking on this URL translate5 will be opened with the authenticated user.
The token is only callable one time to prohibit misusage.

 

GET resulting resource layout

For GET the sessionId must be part of the URL, like the usual ID parameter: /editor/session/SESSION_ID

Returns HTTP 200 when user is authenticated, 404 otherwise.

Name

Type

Info

state

string

contains "authenticated" or "not authenticated"

user

object

contains the authenticated user or null. The users structure is as described in the user API.

DELETE call

For DELETE the sessionId must be part of the URL, like the usual ID parameter: /editor/session/SESSION_ID

Returns HTTP 200 when session was destroyed, 404 otherwise.

Instead of the session ID also the internalSessionUniqId can be provided. Thats possible for DELETE only, and the calling user must be an API user.

Using the received sessionId in other API calls

Translate5 does not use a traditional RESTful authentication, but uses sessions for this purpose.

To use the API as an authenticated user, first a session must be generated by the above mentioned session POST call.
The received sessionId must be given on each other request to the API as cookie HTTP header.

Example HTTP Header to provide the Session ID as cookie value:
Cookie: zfExtended=GIVEN_SESSION_ID