4.1 Sessions Requests
These API calls allow the creation and destruction of sessions used to interact with MollyBet API. login creates a new session, logout terminates a session.
Available calls:
4.1.1 Login and create a new MollyBet API session
Method and URL:
POST /v1/sessions/
The session ID returned by this request must be used as the authentication token for further API requests, by setting it as the value of the Session HTTP header.
In order to terminate the session use the logout call.
Note: API sessions will expire automatically after 24 hours without any activity. If you wish to keep an API session token active, you should send a valid request, (e.g. GET /v1/xrates/) at least once every 24 hours. Be aware that websocket-only activity does not count towards keeping a session active.
Request Parameters:
username [ string ]:
MollyBet account username
password [ string ]:
MollyBet account password
Return Data: a string with the new session ID if authentication succeeds
4.1.2 Return metadata associated with a session
Method and URL:
GET /v1/sessions/<session_id>/
Example output data:
{
"username": "johndoe",
"client_type": "direct"
}
URL Parameters:
session_id:
The id of the session to obtain information for
4.1.3 Logout and terminate a session
Method and URL:
DELETE /v1/sessions/<session_id>/
After a successful logout, the session id can no longer be used as an authentication token, and you will need to generate a fresh one with a new call to login.
URL Parameters:
session_id:
The id of the session to terminate
4.1.4 Create a new session to impersonate a different user
Method and URL:
POST /v1/sessions/<session_id>/sudo/
Note that the original session is not deleted or changed in any way. You can start making new requests using the new session ID. To "unsudo" simply logout from the session created by this call and go back to use the original session ID.
URL Parameters:
session_id:
The session id of the active user
Request Parameters:
target [ string ]:
MollyBet username of the user to impersonate
Return Data: A new session ID, as for the login call
4.1.5 Tokenize the current session
Method and URL:
POST /v1/sessions/<session_id>/tokenize/
This is called from a customer's session to obtain an opaque token that can be redeemed by the customer's agent. A customer authenticated with MollyBet can be handed off to a site operated by their agent via a redirect that includes the token.
URL Parameters:
session_id:
The session ID of the active user (the customer).
Return Data: A string with the opaque token to share with the agent.
4.1.6 Detokenize the session of a user visible from the current session
Method and URL:
POST /v1/sessions/<session_id>/detokenize/
This is called from an agent's session to authenticate a customer arriving at their site from MollyBet. The agent should use the returned MollyBet session data to set up a customer session on their own site; the token itself is short-lived and should not be stored.
URL Parameters:
session_id:
The session ID of the active user (the agent).
Request Parameters:
token [ string ]:
The opaque token received from the incoming customer.
Example:
{
"username": "janedoe",
"client_type": "website"
}