Login & Security


All transactions are secured by SSL. The DMAPI server is using an official SSL certificate. Within the login procedure, the client is assigned an unique authorisation id ('Auth-Sid').


Username and Password

Every request (except login, of course) requires the presence of this Auth-Sid variable. An active session will expire after a period of inactivity (default: 1 hour).



In case you use a browser to access this interface, a session id will be set as a cookie, hence need not to be specified as Auth-Sid (unless cookies are not supported, or turned off). In any case, Auth-Sid has precedence if provided.


API Keys

Instead of using your user- and password credentials, you may also use so called 'API keys' for login. This way, you can create several DMAPI access facilities, which has several advantages:

  • you do not need to expose username and password in your scripts
  • API keys can be restricted to be "read only" (no modifications possible), or to allow 'modifications only' (can not produce costs)
  • you may hand API keys to your staff to enable them to do specific things with


Create your API keys in 'My Profile' in section 'Manage API access keys'


Example usage:


The result is the same as for "login"-request, you have to use the provided auth-sid for the subsequent actions.



Tags: API, security, session

Related entries:

You cannot comment on this entry