The authentication service is always available with REST, you just need to send credentials on portal <abbrtitle="Uniform Resource Locator">URL</abbr>. But by default, the portal is protected by <ahref="security.html#portal"class="wikilink1"title="documentation:2.0:security">one time tokens to prevent CSRF</a>. You must disable them or set a rule (configuration parameter <code>requireToken</code>) so token will not be required for REST requests, for example:
<liclass="level1"><divclass="li"> POST data:</div>
<ul>
<liclass="level2"><divclass="li"><code>user</code>: user login</div>
</li>
<liclass="level2"><divclass="li"><code>password</code>: user password</div>
</li>
<liclass="level2"><divclass="li"> xxx: optional parameters, like <code>lmAuth</code> if your portal uses <code>Choice</code></div>
</li>
</ul>
</li>
</ul>
<p>
The JSON response fields are:
</p>
<ul>
<liclass="level1"><divclass="li"><code>result</code>: authentication result, <code>0</code> if it fails, <code>1</code> if it succeed</div>
</li>
<liclass="level1"><divclass="li"><code>error</code>: error code, the corresponding error can be found in <code>Lemonldap::NG::Portal::Main::Constants</code></div>
</li>
<liclass="level1"><divclass="li"><code>id</code>: if authentication succeed, the session id is returned in this field</div>
</li>
</ul>
<divclass="notetip">You can also get the cookie by reading the response header <code>Cookie</code> returned by the portal.
</div><divclass="noteimportant">Before version 2.0.4, the response to a success authentication had no <code>id</code> field, and <code>error</code> field was named <code>code</code><em>(use Cookie header to get id value)</em>.
</div>
</div>
<h4id="example">Example</h4>
<divclass="level4">
<ul>
<liclass="level1"><divclass="li"> Request with curl:</div>
REST functions for sessions are protected by Web Server, you can change this in <ahref="configlocation.html#portal"class="wikilink1"title="documentation:2.0:configlocation">portal configuration</a>.
</p>
<p>
See <ahref="restsessionbackend.html"class="wikilink1"title="documentation:2.0:restsessionbackend">REST session backend documentation</a> for more.
REST functions for configuration are protected by Web Server, you can change this in <ahref="configlocation.html#portal"class="wikilink1"title="documentation:2.0:configlocation">portal configuration</a>.