Authentication & sessions
How Yurbi sessions work: getting a token, keeping it alive, and ending it.
The session-token model
Yurbi uses session tokens, not API keys. You exchange a username and password for a token, then send that token in the body of every subsequent request.
- Get a token with DoLogin.
- Send { "sessionToken": "..." } in the JSON body of every other call, not as an Authorization header.
- Most management calls require an admin-level session.
Logging in
{
  "bolForceLogin": true,
  "isGuest": false,
  "UserId": "admin",
  "UserPassword": "your-password"
}
bolForceLogin is a legacy flag — always send true. Set isGuest: true only
for anonymous guest sessions. On success, ErrorCode is 0 and the token is at
LoginSession.SessionToken. On failure you get ErrorCode: 101.
Token lifetime
- Expiration. Each token carries a SessionExpir timestamp. After it passes, the token is no longer valid.
- Single active session. If the same token is used from another location, the earlier session is invalidated. Treat a token as belonging to one client.
To check whether a token is still valid, call CheckSession. To extend a token before it expires, without forcing the user to log in again, call RefreshSession. This is the basis of the keep-alive loop used when embedding content or signing users in with Single Sign-On.
Ending a session
Call DoLogout when a script or short-lived integration is
finished, so you don't leave sessions open on the server.
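The lifecycle above as a small client wrapper, added here as an example and not Yurbi's own code: it logs in, puts the token in each request body, and calls DoLogout even when the script fails partway. The post(endpoint, body) transport, the class and function names, and the in-memory fake server are assumptions made so the example runs offline; the reply shape for calls other than DoLogin is also assumed.

```python
class YurbiAuthError(Exception):
    """Raised when DoLogin returns a non-zero ErrorCode."""

class YurbiSession:
    """DoLogin on entry, DoLogout on exit. post(endpoint, body) -> dict is a hypothetical transport."""
    def __init__(self, post, user_id, password):
        self._post, self._creds, self._token = post, (user_id, password), None

    def __enter__(self):
        (user_id, password), self._creds = self._creds, None  # drop the password after use
        reply = self._post("DoLogin", {"bolForceLogin": True, "isGuest": False,
                                       "UserId": user_id, "UserPassword": password})
        if reply.get("ErrorCode") != 0:
            # Report only the code; never echo credentials into logs or traces.
            raise YurbiAuthError(f"DoLogin failed, ErrorCode={reply.get('ErrorCode')}")
        self._token = reply["LoginSession"]["SessionToken"]
        return self

    def call(self, endpoint, body=None):
        # The token travels in the JSON body, not in an Authorization header.
        return self._post(endpoint, {**(body or {}), "sessionToken": self._token})

    def __exit__(self, exc_type, exc, tb):
        token, self._token = self._token, None
        if token is not None:
            self._post("DoLogout", {"sessionToken": token})  # runs on errors too
        return False  # do not swallow exceptions from the with-body

def make_fake_server(user="admin", password="constructed-pw"):
    """Constructed in-memory stand-in for the server so the example runs offline."""
    live, log = set(), []
    def post(endpoint, body):
        log.append(endpoint)
        if endpoint == "DoLogin":
            if (body["UserId"], body["UserPassword"]) != (user, password):
                return {"ErrorCode": 101}
            live.add("tok-1")
            return {"ErrorCode": 0, "LoginSession": {"SessionToken": "tok-1"}}
        ok = body.get("sessionToken") in live
        if endpoint == "DoLogout":
            live.discard(body.get("sessionToken"))
        return {"ErrorCode": 0 if ok else 101}  # assumed reply shape for other calls
    return post, live, log

def demo():
    post, live, log = make_fake_server()
    with YurbiSession(post, "admin", "constructed-pw") as session:
        session.call("CheckSession")
    return log, live
```

To use it against a real server, replace the fake transport with a function that POSTs the body as JSON to the matching endpoint over HTTPS and returns the parsed reply.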
Related
- Reference: Authentication endpoints
- Embedding guide — applies this lifecycle to live dashboards.