Most of our APIs require for the user to be authenticated. Login data is submitted to our API via HTTP POST.

When successfully authenticated, the service will respond with an API token that is valid for twenty minutes. This API token should be added to the Authenticate message header in the Avala-Api schema for all subsequent requests to Aimbase APIs that require authentication.

Possible Response Codes

  • 200 (OK).This response indicates that the login was successful. The response body will contain the API token value.
  • 400 (Bad Request). This response indicates that the data was not sent in the correct format, or had missing information.
  • 401 (Incorrect Username/Password). This response indicates that the log in was not successful. The response body will contain an error message.
  • 500 (Internal Server Error). An unknown error occurred.

Post Information

HTTP Endpoint


Authentication Data Schema

Field Name  Required  Format  Description 
Username  X  Max Length: 50  The username of the user that is logging in. 
Password  X  Max Length: 50  The password of the user that is logging in. 
Type    Max Length: 50  Either Api or Mobile to indicate whether the user is signing into the standard API or the API for mobile devices. 
DeviceCode    Max Length: 256  The unique device identifier. Required when the type is Mobile. 

XML Example Post

<?xml version="1.0"?> 
<LoginRequest xmlns:xsi="" xmlns:xsd=""> 

JSON Example Post

    "Username" : "username", 
    "Password" : "password" 

XML Example Response

<string xmlns="">username:1ea0934d-ef65-4ae2-b513-8ed5d8a64e52</string>

JSON Example Response


XML Example Failed Response

<?xml version="1.0"?> 
<Error><Message>The Username field is required.</Message></Error>

JSON Example Failed Response

{"Message":"The Username field is required."}

Sample Header Value

Once the API token is retrieved, it can be used to make authenticated API requests. An example API token in the request’s Authenticate header and Avala-Api schema would look like this:

Authenticate: Avala-Api token

NOTE: The token includes “username:”.