[PleaseHelp]

Quote:

Originally Posted by Paul M

What I have told you is how its done.

When you create a session with api_init, and get the (session) accesstoken, the userid in the session table at that point is 0. Once you login correctly using the login_login method, that session userid is changed to x (your userid), so any future requests with that access token will run as userid x.



FYI, those details were taken direct from a sucessful session, where I logged in, and then checked the PM folder.

OK, let's dissect the paragraph we pasted earlier because something doesn't make sense to us.

Here is the paragraph:

Quote:

"So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls."

Now let's dissect it one-by-one:

Quote:

So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken.

Do we need to do anything different with this new call to api_init once we have the "dbsessionhash" from method login_login? How does this new call to api_init know the user is logged in unless we pass something new to it (e.g. the "dbsessionhash" from login_login) ?

Quote:

Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars.

Which "sessionhash" and "securitytoken" is it referring to specifically? Is "sessionhash" referring to the "dbsessionhash" we get from the login_login method or is it referring to something from api_init (if so, what specifically) ? What about the "securitytoken", is it referring to the "apiaccesstoken" we get from calling api_init again or something else (if so, what specifically) ?

Quote:

After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls.

How do we add this new "sessionhash" and "securitytoken" to a future API method call? Do we add them to the parameter array that already includes ("api_m" => [method name]) ? If so, what do we name the keys?



Please be as clear and specific as you can, and please provide examples where possible. This is very confusing but we are relieved to hear you actually got it to work! Thanks again for your assistance with this, we greatly appreciate it.