Authentication guide – WellnessLiving Developer Portal

Authentication guide

To make authenticated calls to our API, you need four pieces of information that remain static:

Your WellnessLiving username
Your WellnessLiving password
Your authorization code
Your authorization ID

A user can be a client or a staff member, but it’s recommended to make all calls with a staff member since they’ll have broader access than clients. The authorization ID is used in the request header. The authorization ID and code are used when calculating the signature.

WellnessLiving’s API uses a generated signature in the HTTP request header for additional security. This generated signature is a string set as a hash of multiple values. However, signature generation isn’t required if the endpoint doesn’t require authentication.

When authenticating, there are two session creation endpoints that need to be called before accessing the actual data required:

NotepadModel, which gets the notepad value and cookies.
EnterModel, which signs the user in.

NoteThese two session creation endpoints aren’t required if the endpoint in question doesn’t require authentication.

Cookies

There are two cookies used to maintain your session, depending on the server you’re using. For example, the cookies used on our Staging server are:

sp (Staging Persistent)
st (Staging Transient)

These cookies are usable for 30 days.