API authorization

Authorizes the user on the system. All API methods can be used only after authorization.

In response to the request, upon successful authorization, in addition to the response body, the cookie file containing the session key is returned, similar to working with the WEB browser. For further requests to the API, you need to return the received cookies back. The session life time is 15 minutes.

All requests to the API come from the user whose details were used for authorization through this method. In doing so, we take into account all user rights, i.e. The API can not get more data than the user can view through the interfaces of the system. We recommend for the API to create a separate user for a more specific configuration of the rights of the connected application.

Method URL



Parameter Description
User login. The login is e-mail.
The user’s key, which can be obtained from the user profile edit page.

The method can also accept an optional GET parameter.

Parameter Description
type If type = json, the response will be in JSON format instead of XML

Request example

Parameter Data

Response example

	<auth>true <!-- (or false in case of errors) --></auth>

Example of an integration:

#Array with the parameters which you need to pass via the POST API method
 'USER_LOGIN'=>'', #Your login (email)
 'USER_HASH'=>'7ebefd1d4741106a4daa0e0a673bba2e4dc16054' #Hash for API access (see user profile)
$subdomain='test'; #Our account is a subdomain
#Form a link to request
/* We need to initiate a request to the server. Let's use cURL library (supplied as part of PHP). You also
use cross-platform cURL program if you don't program in PHP. */
$curl=curl_init(); #Save the cURL session handle
#Set the required options for cURL session
curl_setopt($curl,CURLOPT_HTTPHEADER,array('Content-Type: application/json'));
curl_setopt($curl,CURLOPT_COOKIEFILE,dirname(__FILE__).'/cookie.txt'); #PHP>5.3.6 dirname(__FILE__) -> __DIR__
curl_setopt($curl,CURLOPT_COOKIEJAR,dirname(__FILE__).'/cookie.txt'); #PHP>5.3.6 dirname(__FILE__) -> __DIR__
$out=curl_exec($curl); #Initiate a request to the API and store the response in a variable
$code=curl_getinfo($curl,CURLINFO_HTTP_CODE); #Get HTTP response code of the server
curl_close($curl); #End the cURL session
/* We can now process the response received from the server. This example. You can process the data in your own way. */
  301=>'Moved permanently',
  400=>'Bad request',
  404=>'Not found',
  500=>'Internal server error',
  502=>'Bad gateway',
  503=>'Service unavailable'
  #If the response code is not 200 or 204 - return an error message
if($code!=200 && $code!=204)
    throw new Exception(isset($errors[$code]) ? $errors[$code] : 'Undescribed error',$code);
catch(Exception $E)
  die( ''Error: ' .$E->getMessage().PHP_EOL. 'Error code: ' .$E->getCode());
The data is obtained in JSON format, therefore, to obtain readable data,
we'll have to translate the answer into a PHP-friendly format
if(isset($Response['auth'])) #authorization flag is available in the 'auth' property
return 'Authorization succeeded';
return 'Authorization failed';
Error code HTTP code Description
110 401 Unauthorized General authorization error. Incorrect login or password
111 401 Unauthorized Occurs after several unsuccessful authorization attempts. In this case, you need to log in to your account through the browser by entering the captcha code.
112 401 Unauthorized Occurs when the user is turned off in the “Users and Rights” account settings or is not in the account.
113 403 Forbidden Access to this account is prohibited from your IP address. Occurs when the filtering of access to the API by the “whitelist of IP addresses” is enabled in the account security settings.
101 401 Unauthorized Occurs in the case of a request to a non-existent account (subdomain).
401 401 Unauthorized Not Authorized. There is no account information on the server. You need to make a request to another server on the transmitted IP.

401 Not Authorized (there are no account data on the server)

Occurs when the account is registered on one server, and the request goes to another server that does not have the data of this account. Most often it happens when the account is registered on one server, for example, on, and the request to the API goes to another server, for example on
To ensure the smooth operation of the project, we use not one but several servers, so there are situations when the response can return HTTP code 401 and error_code 401, even to the correct authorization data. At this point in the response, the correct IP of the server to which the request should be repeated is also transmitted. Note that in this case, the client must be given the same hostname that was used when requesting 401 for the correct operation of the certificates.

Response example

    response: {
        error: "401 Not Authorized"
        ip: ""
        domain: ""
        auth: false
        server_time: 1444448888
        error_code: "401"

See also