Jump to content


API Session Duration/Logout

API authentication

  • Please log in to reply
2 replies to this topic

#1 rob@dzhon.com



  • Members
  • Pip
  • 1 posts

Posted 23 November 2014 - 10:33 PM



We have started integration of Zurmo with our mobile workforce platform and are working through a number of activities.  Whilst we understand the authentication process then submission of token/sessionid as headers of subsequent calls, there is no information we've found relating to the duration of the session or indeed any logout process.  Should we re authenticate before each call, or should we persist the token/sessionid for subsequent calls?  If persistence/reuse is recommended, what duration or timeout processes may be present that would trigger re authentication being required?  We do not see a logout process either and are interested if there is one available (just not documented).  What are the concurrent session limits (if any) on the API?


Any suggestions as to how best to approach this very much appreciated.



#2 Ivica


    Advanced Member

  • Moderators
  • 565 posts

Posted 25 November 2014 - 03:50 PM

Duration of session depends on session timeout on your web server.

We recommend you that you authenticate user before every API request, to be safe that sesssionId is not expired.


There is logout api call, we just forget to document it. Use next APi  endpoint: "zurmo/api/logout" with "GET" request.

#3 marvinn



  • Members
  • Pip
  • 7 posts

Posted 25 January 2016 - 06:47 PM

It's a little more complicated than just web server request. You also have to set the cookie timeout (assuming Zurmo uses cookies)and the implement the session timeout, all of which can be set or added programically in Zurmo. Perhaps this can be added to the next version of Zurmo.


Other programs, like Joomla, allow you to set the timeout duration.

Also tagged with one or more of these keywords: API, authentication

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users