Sway Charts API Documentation

POST Create Session Token


Last updated 1 year ago

POST https://api.swaycharts.io/dxsca-web/login

Creates a Basic Authentication session token that should be used in all further requests.

  • The user POSTs their username, domain and password.

  • The server generates a random access token and returns it to the client.

  • The client receives the token and supplies it in a header on all further requests.

  • The token expires when:

    • The client POSTs a request to the special "logout" resource (see Logout).

    • The client is forced to log out by the platform operations team.

    • The client's permission to use the REST API is revoked.

    • A pre-configured timeout passes since the last request from the client.

  • Upon a request with an expired token, the client receives the 401 Unauthorized error and is expected to repeat the authentication procedure.

To avoid sudden disconnects due to inactivity, the client is expected to track token expiration on its side and either renew the session or use the Ping API to maintain the session.

// Request JSON

{
    "username": "username of the client",
    "domain": "domain of the client",
    "password": "password of the client"
}

Authentication failed due to username/password mismatch

  • Status code: 401 Unauthorized

  • Error code: 3

  • Description: Incorrect username or password
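
The token lifecycle described above (log in, supply the token in a header, renew before the inactivity timeout, re-authenticate once on 401), written as a client-side wrapper. This is an added example, not code from the Sway Charts documentation; the `token` response field, the `Authorization` header name, the 2xx success check, the 80% renewal margin and the injected `send` transport are assumptions, because the page does not specify them.

```python
import time

LOGIN_URL = "https://api.swaycharts.io/dxsca-web/login"  # from the page
TOKEN_FIELD = "token"          # assumption: response field is not named on the page
AUTH_HEADER = "Authorization"  # assumption: header name is not given on the page


class AuthError(Exception):
    """Login was rejected, e.g. 401 with error code 3."""


class SessionClient:
    def __init__(self, send, creds, idle_timeout, clock=time.monotonic):
        # send(method, url, headers, body) -> (status, parsed_json) is injected
        # so the class runs offline. idle_timeout is the operator-configured
        # inactivity limit in seconds (assumed to be known to the client).
        self._send, self._creds = send, creds
        self._limit = idle_timeout * 0.8  # renew with a safety margin
        self._clock = clock
        self._token, self._last_used = None, 0.0

    def login(self):
        status, body = self._send("POST", LOGIN_URL, {}, dict(self._creds))
        if not 200 <= status < 300:
            # Keep credentials and the response body out of the message.
            raise AuthError(f"login failed with HTTP {status}")
        self._token, self._last_used = body[TOKEN_FIELD], self._clock()

    def request(self, method, url, body=None):
        # Proactive renewal: the timeout counts from the last request sent.
        if self._token is None or self._clock() - self._last_used >= self._limit:
            self.login()
        status, data = self._call(method, url, body)
        if status == 401:
            # Expired or revoked server-side: re-authenticate exactly once so
            # bad credentials cannot turn into a retry loop.
            self._token = None
            self.login()
            status, data = self._call(method, url, body)
        return status, data

    def _call(self, method, url, body):
        self._last_used = self._clock()
        return self._send(method, url, {AUTH_HEADER: self._token}, body)

    def __repr__(self):
        return "<SessionClient token=***>"  # keep the token out of logs
```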
