Client request
To log in (authenticate the client), perform an HTTP POST request to the following URL:
<SWIFT_URL>/staffapi/index.php?/Core/Default/Login
Where <SWIFT_URL> is the base URL to the Kayako installation (e.g. 'http://support.mycompany.com/')
POST arguments
Make sure that your POST data complies with the encoding requirements.
| Argument | Value |
|---|---|
| username | The UTF-8 |
| password | The user's password, urlencoded. |
| twofactorkey | Optional: The two factor authentication key (in plaintext). This value should be dispatched only when server requests it, which is when the staff user has enabled two factor authentication. |
Server response
A standard server response containing a UTF-8 encoded XML payload in the following format:
Root node
The parent node for the entire XML payload. If you do not locate this node at the top level, it is likely that the server returned an error response. See error codes for further information.
Two Factor Key Request
The server will request a two factor authentication key if the staff user logging in has enabled two factor authentication. If your application receives this request, it should prompt the user for the two factor key and send the request again with the 'twofactorkey' POST argument as shown above.
| Node name | Value |
|---|---|
| status | The server will send '2' as the status value if two factor authentication is enabled. |
| error | The error message returned by SWIFT, e.g. "Please send the two factor authentication key to login." |
Session data
| Node name | Value |
|---|---|
| status | The status code of the login request. Any value other than '1' indicates failure. |
| error | If status does not equal '1', the error message returned by SWIFT, e.g. "Invalid username or password" |
| version | The human-readable form of the server's version (e.g. '4.0.0'). You may use this to test for feature compatibility. |
| sessionid | A unique string identifier for this staff api session. You must store this value for the duration of the synchronization process, as it will be required in every other request. |
| sessiontimeout | The amount of time (in seconds) before the session will expire due to inactivity. You should use this to determine if your application needs to re-authenticate before making any requests. |
| staffid | The unique numeric identifier of the staff member that was authenticated (You!) |
Closing root node
The final XML node is simply the end of the original root node, completing the XML document.
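The login exchange described above, sketched as a client-side helper. This is an added example, not Kayako's own code: it builds the POST body, sends 'twofactorkey' only when supplied, and classifies the response by its status value. Assumptions: the function names, the `<root>` placeholder (this page does not give the root node's name), the constructed sample payloads, and the hardening choices of refusing non-HTTPS URLs and payloads that carry a DTD.

```python
import time
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

LOGIN_PATH = "/staffapi/index.php?/Core/Default/Login"  # path given on this page

def build_login_request(swift_url, username, password, twofactorkey=None):
    """Return (url, body) for the login POST; the key is sent only when given."""
    if not swift_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    fields = {"username": username, "password": password}
    if twofactorkey is not None:
        fields["twofactorkey"] = twofactorkey
    # urlencode percent-encodes the UTF-8 bytes of each value
    return swift_url.rstrip("/") + LOGIN_PATH, urlencode(fields).encode("ascii")

def parse_login_response(payload, now=None):
    """Classify the XML payload as 'ok', 'need_2fa' or 'failed'."""
    if b"<!DOCTYPE" in payload or b"<!ENTITY" in payload:
        raise ValueError("unexpected DTD in server response")
    root = ET.fromstring(payload)
    text = lambda name: (root.findtext(".//" + name) or "").strip()
    status = text("status")
    if status == "2":  # server is asking for the two factor key
        return {"state": "need_2fa", "error": text("error")}
    if status != "1":  # any value other than '1' indicates failure
        return {"state": "failed", "error": text("error")}
    sessionid, timeout = text("sessionid"), text("sessiontimeout")
    if not sessionid or not timeout.isdigit():
        raise ValueError("status 1 without usable session data")
    now = time.time() if now is None else now
    return {"state": "ok", "sessionid": sessionid, "staffid": text("staffid"),
            "version": text("version"), "expires_at": now + int(timeout)}

# Constructed sample payloads; <root> stands in for the real root node name.
SAMPLE_2FA = (b"<root><status>2</status><error>Please send the two factor "
              b"authentication key to login.</error></root>")
SAMPLE_OK = (b"<root><status>1</status><version>4.0.0</version>"
             b"<sessionid>CONSTRUCTED-SESSION-ID</sessionid>"
             b"<sessiontimeout>3600</sessiontimeout><staffid>7</staffid></root>")

if __name__ == "__main__":
    url, body = build_login_request("https://support.mycompany.com/", "jdoe", "p&ss word")
    print(url, body)
    print(parse_login_response(SAMPLE_2FA)["state"])
    ok = parse_login_response(SAMPLE_OK, now=0)
    print(ok["state"], "expires at", ok["expires_at"])  # the sessionid is never printed
```

Treat the returned sessionid as a credential: keep it out of logs and re-authenticate once `expires_at` has passed.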