Open topic with navigation
The sign_in resource requests authorization.
This resource sets the authentication cookies required for future requests. A sign_in may fail if there are still valid authentication cookies. The cookies can be reset with a request to sign_out.
Supported HTTP methods
The Content-Type header is application/json.
For user credentials: JSON object with the credentials information
For API key:
|Successful authentication||200 (OK)||A cookie with the name LWSSO_COOKIE_KEY is set as a response cookie. See Cookies.|
|Failed authentication||401 (Unauthorized)||Not authenticated.|
Upon successful authentication, a cookie with the name LWSSO_COOKIE_KEY is set as a response cookie.
This cookie is expected to be sent in each subsequent request.
This cookie is the authentication cookie.
This timeout of the cookie is 3 hours.
The value of this cookie can be refreshed upon specific subsequent call (renewal) of the cookie.
If using the refreshed cookie, the timeout is extended.
The limit for refreshing the cookie is 24 hours. This means that upon authentication, the original cookie can be refreshed up to 24 hours (if always using the refreshed cookie sent from server).
A cookie with the name HPSSO_COOKIE_CSRF is sent as a response cookie if specified. By default, this cookie is not sent.
If enabled, the value of this cookie must be sent in subsequent requests via the header named HPSSO-HEADER-CSRF.
This cookie is useful for prevention of CSRF attacks.
To return the HPSSO_COOKIE_CSRF cookie, specify the boolean property enable_csrf with the value true in the payload.