Security

Login & Security

 

All transactions are secured by SSL. The DMAPI server is using an official SSL certificate. Within the login procedure, the client is assigned an unique authorisation id ('Auth-Sid').

 

Username and Password

Every request (except login, of course) requires the presence of this Auth-Sid variable. An active session will expire after a period of inactivity (default: 1 hour).

Example:

 

https://dmapi.joker.com/request/query-domain-list?auth-sid=20ddb8c3b2ea758dcf9fa4c7f46c0784

 

In case you use a browser to access this interface, a session id will be set as a cookie, hence need not to be specified as Auth-Sid (unless cookies are not supported, or turned off). In any case, Auth-Sid has precedence if provided.

 

API Keys

Instead of using your user- and password credentials, you may also use so called 'API keys' for login. This way, you can create several DMAPI access facilities, which has several advantages:

  • you do not need to expose username and password in your scripts
  • API keys can be restricted to be "read only" (no modifications possible), or to allow 'modifications only' (can not produce costs)
  • you may hand API keys to your staff to enable them to do specific things with Joker.com

 

Create your API keys in 'My Profile' in section 'Manage Joker.com API access keys'

 

Example usage:

 

https://dmapi.joker.com/request/login?api-key=Key_created_in_your_Profile_at_Joker.com

 

The result is the same as for "login"-request, you have to use the provided auth-sid for the subsequent actions.

 

 

Tags: API, security, session

Related entries:

You cannot comment on this entry