You can log in to the device by entering the username and password or the session ID provided by the device after authenticating the initial request from the client.
If the authentication is successful, the device returns the response header "Authentication-Token" to the client. From then on, client applications send this token back to the server to authenticate further requests over the same persistent connection.
device# curl -v -X GET -u admin:password http://host:80/rest/config/running/vlan/10 -H "Accept: application/vnd.configuration.resource+xml" -k -v -H "Authentication-Token: d0xaUUp4cTx2dzlyfD9HaX09SC9yZEA/eF5yUkpXa0M="
If you use cURL, each response header carries a different authentication token because the REST API is a stateless protocol. However, if you use a third-party tool or script and initiate a persistent session, you receive the same Authentication-Token in the session and response header.
There is no expiry for the authentication token or the user session. Only the HTTP session expires, after 180 seconds. The client times out if the server does not respond within 180 seconds. This also applies to the Authentication-Token expiry.
For a single persistent connection, there must be only one token. When the same token is reused, a persistent connection allows a maximum of 100 requests.
To log out from the device, you must delete the session created using the DELETE operation. The URI for deleting a session is http://host:port/rest/session/<session-id>.
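The login, token reuse, request limit and logout described above can be exercised end to end with the following added example, which is not the vendor's code. The names DeviceSession, StubDevice and demo, the values CONSTRUCTED-TOKEN and SESSION-ID, and the loopback stub that stands in for the device are constructed for illustration; sending only the token (without the password) on follow-up requests is an assumption based on the description of the token above.

```python
import base64, http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
MAX_REQUESTS = 100  # requests per token on one persistent connection (from the page)
TIMEOUT_S = 180     # HTTP session timeout in seconds (from the page)

class DeviceSession:
    """Log in once, reuse the token on one persistent connection, then log out."""
    def __init__(self, host, port, user, password):
        self.conn = http.client.HTTPConnection(host, port, timeout=TIMEOUT_S)
        cred = base64.b64encode(f"{user}:{password}".encode()).decode()
        self.basic, self.token, self.sent = "Basic " + cred, None, 0

    def request(self, method, path):
        # Keep one request of the budget in hand for the logout DELETE.
        if method != "DELETE" and self.sent >= MAX_REQUESTS - 1:
            raise RuntimeError("request budget used up: log out and start a new session")
        # Assumption: once issued, the token alone authenticates, so the password goes out once.
        auth = {"Authentication-Token": self.token} if self.token else {"Authorization": self.basic}
        self.conn.request(method, path, headers={"Accept": "application/vnd.configuration.resource+xml", **auth})
        resp = self.conn.getresponse()
        resp.read()  # drain the body so the connection can be reused
        self.sent += 1
        self.token = resp.getheader("Authentication-Token", self.token)
        return resp.status

    def logout(self, session_id):  # the token has no expiry, so delete the session explicitly
        status = self.request("DELETE", f"/rest/session/{session_id}")
        self.token = None
        self.conn.close()
        return status

class StubDevice(BaseHTTPRequestHandler):  # constructed stand-in, not real device behaviour
    protocol_version, seen = "HTTP/1.1", []
    def do_GET(self):
        StubDevice.seen.append((self.command, self.path, self.headers.get("Authentication-Token"),
                                "Authorization" in self.headers, self.client_address[1]))
        self.send_response(200)
        self.send_header("Authentication-Token", "CONSTRUCTED-TOKEN")
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_DELETE = do_GET
    def log_message(self, *args): pass  # keep the stub quiet

def demo():
    StubDevice.seen = []
    with HTTPServer(("127.0.0.1", 0), StubDevice) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        dev = DeviceSession("127.0.0.1", srv.server_port, "admin", "password")
        for _ in range(2): dev.request("GET", "/rest/config/running/vlan/10")
        dev.logout("SESSION-ID")  # placeholder: use the session ID the device issued
        srv.shutdown()
    return StubDevice.seen
```

Each tuple returned by demo() records the method, path, token received, whether credentials were present, and the client port; an identical port on every entry shows that all requests shared one connection.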