Accessing Unibase applications using session ids

Session ids

To make a web API call from a client such as a mobile application, you must supply a session id with the call. The session id acts like an electronic key that lets you access the API.

Unibase provides a session id service for application customers. When you request a session the service returns a unique session id in exchange for the user name and password for an application account.

Unibase does not have a concept of a guest account and all access conversations must be started with the exchange of a username and password. This will get the user an appropriate session id.

Use the following calls to get an authentication token:

Request REST cgi
Get access token /rest/session /cgi-bin/session

For most web API calls, you supply the session id in the Sessionid request header to prove your identity. The session id expires after 72 hours of inactivity. Good practice is to request a new session id before each set of calls. There is no penalty for this.

The user name controls access and options available.

Get a session id

To get a session id you need to call the session endpoint for the application:

with username and password as the POST data.

For example, in the POST endpoint:

  • The server is
  • the web service is rest
  • the resource is /session.

The following example uses the curl command to request a session id for a customer account:

curl "" -d '' -d 'password=customer1pw'

For more information about the curl command, see Use cURL to run the request

Authentication token response

A successful request returns a response body with the token, as follows:


Use the token in a Web API request

Any web API call that accesses a resource requires must contain the sessionid in the header To do this, specify a HTTP header in the following format:

Sessionid: <session id>

For example, to make a web API call with a sessionid:

curl "" -H "Sessionid: asdf3hjklp5iuytre"