BBAPI: Authenticate Command
Authentication allows you to limit access to parts of your site or application while continuing to use the Nigma API. You can authenticate users, admins, or both using this command. The API will return the results of the request.
Available Commands
Authenticate
Request the Nigma API to authenticate a user or admin based on either login credentials or current session IDs and keys.
Sub Commands
user
Authenticate a user login or session. If no sub-command is passed, user authentication is default. Authentication will fail if valid admin credentials are passed but you are requesting to authenticate as a user.
admin
Authenticate an admin's credentials.
Example 1: Input
Here is an example of what would be sent to the API to log in a user.
Example 1: Response
The API will return the results of your request in a similar way. Here is a response.
You should store both the sessionID and sessionKey for as long as the above user remains active on the site. You can then use the sessionID and sessionKey to continually authenticate the user. Both must be valid and active. The API will impose security limitations to prevent session hijacking, such as limiting the lifespan of sessionIDs and sessionKeys. This lifespan can be altered in the config file.
The two samples above show how a user would be logged in. The examples below show how to validate a user who is already logged in.
Example 2: Input
The sessionID and sessionKey passed back after a successful login (above) should be stored in a session or cookie for the user. You would then use this information as illustrated below to authenticate a user who is already logged in.
Example 2: Response
Summary of Nodes
Here is a summary of the nodes that may be passed back and their meaning.
| Node | Type | Description |
|---|---|---|
| sessionID | Integer | Unique ID for session. Only used internally. |
| sessionSessionID | String | Unique ID for session. Should be stored by application for use in session authentication. |
| sessionKey | String | Unique Key to validate sessionSessionID. Should also be stored for use in session authentication. |
| sessionUserID | Integer | ID of user or admin (based on sub-command). |
| sessionImpression | Integer | Unix timestamp of last time session was authenticated. System will automatically delete old sessions. |
| sessionStart | Integer | Unix timestamp of when session was created. System will automatically delete old sessions. |
| sessionUserAgent | String | User agent that session was originally assigned to. Aids in extra security measure. |
| sessionLoggedIn | Char | Whether the session is active or not (i.e. is user logged in?). y = yes, n = no |
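The nodes above are enough to enforce the session limits this page mentions (ID/key pairing, lifespan, user agent binding). The following is an added illustration, not the Nigma API's own code: the function name `check_session`, the two lifespan constants and the sample record are assumptions made for the example.

```python
import hmac
import time

# Assumed limits. The page says the lifespan is set in the config file
# but gives neither the values nor the setting names.
MAX_IDLE_SECONDS = 30 * 60        # measured from sessionImpression
MAX_AGE_SECONDS = 12 * 60 * 60    # measured from sessionStart


def check_session(record, presented_id, presented_key, user_agent, now=None):
    """Return (ok, reason) for a session record keyed by the node names above."""
    now = int(time.time()) if now is None else now
    # Constant-time comparison so response timing does not reveal how much
    # of the ID or key matched. Both must match, as the page requires.
    id_ok = hmac.compare_digest(record["sessionSessionID"].encode(), presented_id.encode())
    key_ok = hmac.compare_digest(record["sessionKey"].encode(), presented_key.encode())
    if not (id_ok and key_ok):
        return False, "bad_credentials"
    if record["sessionLoggedIn"] != "y":
        return False, "logged_out"
    if now - record["sessionStart"] > MAX_AGE_SECONDS:
        return False, "expired_absolute"
    if now - record["sessionImpression"] > MAX_IDLE_SECONDS:
        return False, "expired_idle"
    # A stolen ID/key pair replayed from a different client fails here.
    if record["sessionUserAgent"] != user_agent:
        return False, "user_agent_mismatch"
    return True, "ok"


# Constructed sample record (not real API output).
SAMPLE = {
    "sessionID": 17,
    "sessionSessionID": "constructed-session-id",
    "sessionKey": "constructed-session-key",
    "sessionUserID": 42,
    "sessionImpression": 1_700_000_600,
    "sessionStart": 1_700_000_000,
    "sessionUserAgent": "ExampleBrowser/1.0",
    "sessionLoggedIn": "y",
}

if __name__ == "__main__":
    print(check_session(SAMPLE, SAMPLE["sessionSessionID"], SAMPLE["sessionKey"],
                        "ExampleBrowser/1.0", now=1_700_000_900))
```

The user agent check only raises the cost of replay, since the header is client-controlled; the ID/key pair and the two lifespans carry the real weight.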
