Authentication

Authentication lets a service know who you are. (Authorization, a separate process, determines what you can do after you've authenticated.) In the Kiln API, authentication is how you receive a session token that you must use for every API call, as discussed in API Idioms. And that call is:

Api/{version}/Auth/Login (POST or GET)

Takes parameters

• sUser: username
• sPassword: user password

And returns

• the token, which is a string

We highly recommend using POST instead of GET. The user corresponding to (sUser, sPassword) is the user that will be used for authorization. For example, if the user you've chosen is unable to create projects, the API for projects will prevent you as well. If you perform a call you're not authorized for, the Forbidden error will be returned. If you perform a call without a token or with an invalid token, the InvalidToken error will be returned.

Two-Factor Authentication

If your account has Two-factor authentication enabled, you will not be able to login using the API.  Instead, you can obtain a token using the User Options page, and reuse that token for all subsequent requests.  API tokens are valid until they are explicitly logged off or all tokens are expired (due to password reset, enabling 2FA, or using the Session Management page).