JSON API method isLoggedin vs Login

Discussion for TimeTrex open source community developers.
Post Reply
tadd
Posts: 16
Joined: Wed Mar 21, 2018 7:24 am

JSON API method isLoggedin vs Login

Post by tadd »

I am confirming that the user still has a valid session by the script below on a different page to the one i use to login.I am supplying an active session number to variable TIMETREX_SESSION_ID. I get a return echo that the user is logged in but no data. It looks like Timetrex API requires me to supply a username and password then use the Login Method before i query data. How do I get data without having to login every time i need to fetch data.
$TIMETREX_SESSION_ID = postToURL( buildURL( 'APIAuthentication', 'isLoggedin' ),$TIMETREX_SESSION_ID );
if ( $TIMETREX_SESSION_ID == FALSE ) {
echo "Login Failed!1<br>\n";
exit;
} else {
//echo "Session ID: $TIMETREX_SESSION_ID<br>\n";
echo "user is loggedin";
$user_data = postToURL( buildURL( 'APIUser', 'getUser' ), null);
print_r($user_data);

}
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: JSON API method isLoggedin vs Login

Post by shaunw »

I'm not sure I understand your question, you of course must login every time you intend to make API calls for security reasons. You only need to login once per "session" though, so you can login, make as many API calls as you wish, then logout when done.

The isLoggedIn() method is intended to be used when you already have a SessionID but it has been idle for a long period of time and you want to see if its still valid on the server to be used for subsequent API calls. It does not take a SessionID as an argument, instead it only uses your existing SessionID passed by cookie or on the URL, so normally you would not pass any arguments to it. Normally its rarely if ever used unless you are developing a UI.

If you are looking to optimize API calls that are very sporadic but executed 24/7, you would need to make your own wrapper around all API calls that check for a response like this:

Code: Select all

{
    "api_retval": false,
    "api_details": {
        "code": "SESSION",
        "description": "Class APIUserTitle does not exist, or unauthenticated.",
        "record_details": {
            "total": 0,
            "valid": 0,
            "invalid": 0
        },
        "user_generic_status_batch_id": false,
        "details": false
    }
}
The essential part to check being 'api_retval' = FALSE and ['api_details']['code'] = 'SESSION'. Whenever you see a code of 'SESSION', you would need to login again. So the general process would look something like this:

Code: Select all

<Login: Save Session ID to local storage to be used for all subsequent calls>
<Random API Call: Success>
<Random API Call: Success>
<Random API Call: Success>
... Long period of inactivity, session expires on server...
<Random API Call: Fail with code SESSION>
  <Login: Save new Session ID to local storage to be used for all subsequent calls>
  <Retry original API call: Success>
<Random API Call: Success>
<Random API Call: Success>
<Random API Call: Success>
...
The above would allow you to only login when needed, which depending on how often you make API calls may only be once for weeks on end, or once every few hours. Either way it would be handled completely automatically for you in your wrapper.
tadd
Posts: 16
Joined: Wed Mar 21, 2018 7:24 am

Re: JSON API method isLoggedin vs Login

Post by tadd »

Now working.

Thanks.

My script was modifying the sessionID that was being passed to the API call. I changed the variable that i was using to check isLoggedIn
Post Reply