Cookies

The REST API uses cookie-based authentication.

Cookies used by the REST API

The following cookies are used by the REST API:

Cookie Description
LWSSO_COOKIE_KEY

Mandatory cookie.

This is the authentication token.

This cookie is expected to be sent in each subsequent request. It is returned in the response of a successful authentication request.

For details, see sign_in.

HPSSO_COOKIE_CSRF

A cookie that is related to the protocol for preventing CSRF attacks.

For details, see sign_in.

Back to top

Session management and expiration

In any request you send to the server, return all cookies sent by the server in the preceding response using the "Set-Cookie" header. See http://tools.ietf.org/html/rfc6265. Failing to resend cookies can result in authentication expiration while the user is interacting with the REST API service.

After 24 hours, the session cookies expire. Using the REST API after the cookies expire generates a 401 error. Re-authenticate to continue.

Back to top

See also: