The preferred authentication method is to use HTTP Basic Auth with the API key username and password when making calls to the call method.
See Find Your URL for information on finding the correct URL to use for your ShipStream instance.

HTTP Basic Auth

HTTP Basic Auth Example
curl -X POST https://apiuser:password@example.shipstream.app/api/jsonrpc \
  -d '{"jsonrpc":2.0,"id":1234,"method":"call","params":[null,"warehouse.list",[]]}'
In this case, the session_id parameter to the call method (the first element of the params array) should be null.

Session Login

login(username, api_key) Another method is to use the login JSON-RPC method to obtain a session ID and use this session ID for subsequent requests to the call method. The session ID can then be used as the first array element of the params parameter for subsequent requests to call.
The session ID will expire after 24 hours at which time you will need to use login again. Do not call login before each request, instead consider using the HTTP Basic Auth method described above.

login() Parameters

username
string
required
The API user’s username.
api_key
string
required
The API user’s API key (password).

Return Value

Upon a successful login, the result will be a session ID which is a 32-character hexadecimal string.

Login Example

Request
{
    "jsonrpc" : 2.0,
    "id" : 1234,
    "method" : "login",
    "params" : [
        "username",
        "password"
    ]
}
Response
{
    "jsonrpc" : 2.0,
    "id" : 1234,
    "result" : "be1c13ed4e03f0ed7f1e4053dfff9658"
}
An example response for if the session is expired:
Session Expired
{
    "jsonrpc" : 2.0,
    "id" : 1234,
    "error" : {
        "code" : -32005,
        "message" : "Session expired. Try to relogin."
    }
}

Error Codes

codemessage
2Access denied.
6Required parameter is missing.