Skip Navigation
Session authentication for REST API
Answer ID 11153   |   Last Review Date 10/11/2019

How do I implement session authentication for the Connect REST API?


Connect REST API


Session authentication for the Connect REST API is primarily used with the Agent Browser UI (BUI) Extensibility Framework. BUI extensions can obtain a session token for authentication through the IExtensionGlobalContext.getSessionToken function. For details please see the IExtensionGlobalContext section within the Agent Browser UI (BUI) Extensibility Framework API documentation.

Alternatively, a session token can be obtained using a custom script. To get the session token - the script will use code documented here:

Connect PHP API -> API access control and authentication -> Authenticating with AgentAuthenticator()

Use this URL as an example to return a session token (account username and password can be passed as arguments to the script rather - but in this example they are hard-coded):

https://[cp domain URL for site interface]/cgi-bin/[interface name with underscore].cfg/php/custom/session_token.php

Contents of session_token.php script located in /cgi-bin/[interface name with underscore].cfg/scripts/custom/src/session_token.php on server (in custom scripts directory in console File Manager):


if (!defined('DOCROOT')) {
    define('DOCROOT', get_cfg_var('doc_root'));

require_once (DOCROOT . '/include/services/AgentAuthenticator.phph');
$account = AgentAuthenticator::authenticateCredentials('account username', 'account password');

print $account['session_id'];

Then, using the Postman application as an example, this request will return the data for contact object with id 1:


No Auth



Session [the session token obtained from custom script]

For further details please see the Quick Start section within the Connect REST API documentation.