The SenseIoT API supports different ways of authentication for different types of clients and access methods.

In order to upload and retrieve information, a user first needs to login with its username and password hash (see Login user). If the login is successful, the user will get a session_id which is provided in the response content, in the header with the name X-SESSION_ID, and in the Set-Cookie header as session_id

For every request that needs authorization the session_id needs to be specified either in the X-SESSION_ID header, the Cookie header as session_id, or as parameter with the name session_id.

Third party applications that want to access restricted user data from SenseIoT should use OAuth. In order to use our OAuth service you should first register your application at http://api.sense-os.nl/oauth/register_app. A description of how to use OAuth for SenseIoT can be found here: CommonsenseOAuthDoc.pdf

With this method a user can login with his username and md5 password hash.
The response header will contain a X-SESSIONID header and a cookie with a sessionid.
This session_id can be used for authentication. A user can be logged in on multiple locations.
Sessions older than a week become invalid when a user logs in on a new location.

The username and md5 password hash

{
    "username": "testuser",
    "password": "098f6bcd4621d373cade4e832627b4f6"
}

With this method the password of the current user can be changed.

The current and new password in md5 hash

{
    "current_password": "098f6bcd4621d373cade4e832627b4f6",
    "new_password": "4216455ceebbc3038bd0550c85b6a3bf"
}

Users can request a password reset by specifying their e-mail address or username.
An e-mail will be send to the specified or known e-mail address with an URL to reset the password.

This method will logout the user by destroying its cookie and session