Warning! Construction underway! Amatino is in an 'alpha' state. Not all features are operational. See roadmap

Primary
Account
Entity
Transaction
Derived
Balance
Ledger
Performance
Position
Recursive Balance
Recursive Ledger
Tree
Ancillary
Custom Unit
Entry
Global Unit
Global Unit List
Ledger Row
Object
Create
Delete
Side
Tx Version List
Tree Node
Type
User

Session

Sessions are the keys to the Amatino kingdom. All requests to the Amatino API, except those requests to create Sessions themselves, must include two HTTP headers: An integer session identifier, and a Hashed Message Authentication Code (HMAC) signed with a Session API Key.

Creating a Session with a POST request is analogous to 'logging in', and deleting a Session with a DELETE request is analogous to 'logging out'. Your application might wish to create multiple Sessions for a User. For example, one per device.

The formula for the Amatino API HMAC signature is SHA512((Unix timestamp in seconds) + (URI path) + (JSON data)), using the Session API key as the hash key. The HMAC should be URL-safe Base64 encoded. For more help with generating request signatures, check out the Amatino API Request Signature knowledge base article.

The Session Object

When returning a Session object to you, Amatino will use the following structure

Root Type

JSON Object

Object Structure

description A URL-safe base-64 encoded 256-bit random number generated in a cryptographically secure manner
key "api_key"
example "EPcmwPnjFQFWrZjYtM3J6GZMrGA0gC-40cUD0NKK_K0A"
note Amatino replaces all "=" padding characters with the character "A".
type JSON String
description An integer Session identifier
key "session_id"
example 4200100
type JSON Number

Create Session

API Path /session
HTTP Method POST
Description Descr. Create a new Amatino API Session

Required Headers

None.

Required URL Parameters

None.

Required JSON Data

Root type

Object Structure

description The email address associated with the User for which a Session is to be created
key "account_email"
example "clever@cookie.com"
note Supply either an account_email or user_id, but not both
type JSON String or JSON Null
description The integer identifier associated with the User for which a Session is to be created
key "user_id"
example 8675392677
note Supply either an account_email or user_id, but not both
type JSON Number or JSON Null
description The passphrase associated with the User for which a Session is to be created
key "secret"
example "excellent high entropy passphrase"
type JSON String

Returns

Root Type

JSON Object

Object

Session

Delete Session

API Path /session
HTTP Method DELETE
Description Descr. Delete a Session, ending its ability to be used to authenticated to the Amatino API

Required Headers

Key X-Signature
Value Your Session signature
Example "yxATCPRKAAXHNiPctNQPHEGGVJF"...
Key X-Session-ID
Value An an integer Session ID
Example 7449059267091272858

Required URL Parameters

None.

Required JSON Data

None.

Returns

Root Type

JSON Object

Object Structure

description The id of a deleted session
key "session_id"
example 4200100
type JSON Number