Design considerations

Setting up authentication to the zeuz base API and using the authentication credentials is a multi-step process. See API authentication overview for a summary of the required tasks and links to the detailed steps.

Depending on the number of these tasks you want to achieve, you might create a single script or multiple scripts to log in to zeuz, generate a session key, generate a sign-hash and attach the sign-hash to your API requests.

Login options

For a description of the process to log into zeuz and create a session key, see the API login page.

The session key is valid for 24 hours. The following options outline some approaches you can take to work around this limitation, and the advantages and disadvantages of each.

Option 1 - Log in every time you call the API

Log in to zeuz every time you want to send an API request.

Advantages:

  • Ensures that you never try to use an expired session ID.
  • Minimises failures.
  • No time tracking or comparison between the current time and the sign-hash expiry time required.

Disadvantages:

  • Slows processing, because every API request logs in whether it needs to or not.

Option 2 - Log in every 24 hours

Log in to zeuz every 24 hours.

Advantages:

  • Ensures that you never try to use an expired session ID.
  • Minimises failures.

Disadvantages:

  • Requires time tracking and comparison between the current time and the sign-hash expiry time, which increases the size of your code and its complexity.

Option 3 - Check login validity before you make an API request

Check the validity of the previously used login session, proceed with your API request if the session is valid or perform a new login if the session is invalid.

Advantages:

  • Requires less code to implement than the alternatives.
  • Requires the least processing of all three options.
  • You can manage failed login requests with error handling.

Disadvantages:

  • Intentionally generates failures that require handling.

Recommendation

Option 3 is the approach we recommend in most circumstances. For more details and code you can adapt for your own purposes, see:

See the Error handling page for information on the error codes the zeuz API returns, and how to check for invalid and expired sessions.



2021-aug-3 Page updated with editorial review.

2021-may-12 Page added with editorial review.


Last edited on: October 13, 2021 (149a70bd)