Managing Sessions

A session token is required to access the EDS API. A session token is a unique string that identifies a specific session instance. You must create a session to obtain a session token. When the session is complete, ending it invalidates the session token.

Creating a Session

When you create a session, a session token is generated. Session tokens stay valid even if the authentication token expires. Sessions stay active as long as there is client search activity using the session token. The expiration only applies when the session is inactive. Each time a new user initiates a session with your application, you should create a session with the API. The session token must be added to the header of all subsequent requests. The /edsapi/rest/createsession endpoint provides the session token.

Endpoint URL for Creating a Session

GET https://eds-api.ebscohost.com/edsapi/rest/createsession
POST https://eds-api.ebscohost.com/edsapi/rest/createsession

If you are using an authentication token, set the x-authenticationToken HTTP header to the token that you saved from /authservice.

Data Parameters

To Use the Createsession Endpoint:

Gather the following information for the request:

| Parameter Name | Description | Required/Optional | Parameter Type | Format | Default | Example Values |
|---|---|---|---|---|---|---|
| x-authenticationToken | Token identifying the caller. | Required | Header | string | - | f4714669-ebfa-40d3-acac-bf6e0f22fbb9 |
| Profile | Profile ID | Required | Query | string | | "ABCProfile" |
| Guest | Whether or not this session is for a guest. | Optional | Query | y \| n | | "y" |
| Org | Any string identifying the caller organization | Optional | Query | string | | "XYZLibrary" |

/edsapi/rest/createsession supports application/xml or application/json.

Request

GET request:

GET https://eds-api.ebscohost.com/edsapi/rest/createsession?profile=ABCProfile&guest=n&org=XYZLibrary

POST body (application/json):

{
"Profile":"edsapi","Guest":"n","Org":"ABC Profile"
}

POST body (application/xml):

<CreateSessionRequestMessage xmlns="http://epnet.com/webservices/EbscoApi/Contracts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
  <Profile>edsapi</Profile>
  <Guest>n</Guest>
  <Org>ABC Profile</Org>
</CreateSessionRequestMessage>

Response

{
"SessionToken":"655f4da3-de0d-453a-8809-d253f62a7a15.LFjKSZ8TEqGqDDpxJYEU8w=="
}
{
"SessionToken":"5de0f1a6-535e-4f22-99e1-9578aafe3527.kn80uq817gXyR0tPzV2CNQ=="
}
<CreateSessionResponseMessage xmlns="http://epnet.com/webservices/EbscoApi/Contracts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
  <SessionToken>976f59d7-ff38-45f2-aa44-cb6a5923ff60.PiZVlYeE7v/mDHdl/os/Cw==</SessionToken>
</CreateSessionResponseMessage>
<CreateSessionResponseMessage xmlns="http://epnet.com/webservices/EbscoApi/Contracts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
  <SessionToken>323b262d-00c0-47df-95f3-f31a63a759ae./ZFG8xQkFkssYd9eiHe5qA==</SessionToken>
</CreateSessionResponseMessage>

The response can be XML or JSON. The response format is defined by the Accept value set in the HTTP header. If the Accept value is not present in the HTTP header, the Content-type value in the HTTP header is used. The AuthTimeout value in the response is in seconds.
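The format rule above and the two createsession response shapes, as an added example (not EBSCO's code). The function names are assumptions of the example, as is the choice to reject a request that names neither media type and any XML body carrying a DOCTYPE.

```python
import json
import xml.etree.ElementTree as ET

# Namespace taken from the XML samples on this page.
EDS_NS = "http://epnet.com/webservices/EbscoApi/Contracts"


def response_format(request_headers):
    """Apply the page's rule: Accept decides; if absent, Content-Type decides."""
    headers = {k.lower(): v.lower() for k, v in request_headers.items()}
    value = headers.get("accept") or headers.get("content-type") or ""
    for fmt in ("json", "xml"):
        if "application/" + fmt in value:
            return fmt
    raise ValueError("request names neither application/json nor application/xml")


def parse_session_token(body, fmt):
    """Extract SessionToken from a createsession response body."""
    if fmt == "json":
        data = json.loads(body)
        token = data.get("SessionToken") if isinstance(data, dict) else None
    elif fmt == "xml":
        if "<!DOCTYPE" in body:  # the samples carry no DTD; refuse entity tricks
            raise ValueError("unexpected DOCTYPE in response")
        root = ET.fromstring(body)
        if root.tag != "{%s}CreateSessionResponseMessage" % EDS_NS:
            raise ValueError("unexpected root element: " + root.tag)
        token = root.findtext("{%s}SessionToken" % EDS_NS)
    else:
        raise ValueError("unknown format: " + fmt)
    if not isinstance(token, str) or not token.strip():
        raise ValueError("response carries no SessionToken")
    return token.strip()


# Sample bodies copied from the responses shown above.
JSON_BODY = '{"SessionToken":"655f4da3-de0d-453a-8809-d253f62a7a15.LFjKSZ8TEqGqDDpxJYEU8w=="}'
XML_BODY = (
    '<CreateSessionResponseMessage xmlns="http://epnet.com/webservices/EbscoApi/Contracts" '
    'xmlns:i="http://www.w3.org/2001/XMLSchema-instance">'
    "<SessionToken>976f59d7-ff38-45f2-aa44-cb6a5923ff60.PiZVlYeE7v/mDHdl/os/Cw==</SessionToken>"
    "</CreateSessionResponseMessage>"
)
```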

Your application should not:

  • Use the same session token for multiple users.
  • Get a new session token for each search. This may cause performance issues.

The /edsapi/rest/info endpoint does not need to be called for each session or search. The /edsapi/rest/info endpoint returns customer-level configuration settings that don’t change frequently. It is recommended to call it hourly so that configuration changes flow through to the UI in a timely fashion.

Please be sure to include the authentication token and session token with every EDS API request.

Create Session Guest Access

Guest Access allows non-authenticated users to search an institution’s Discovery Service profile. When searching as a Guest, users are permitted to do the following:

  • Search all EBSCO Discovery content.
  • View detail records and real-time catalog information for catalog and institutional repository results.
  • View full text content from an institution’s databases when logged in.
  • Print, email, save, or export their results when logged in.
  • View integrated search results.

When requesting data for a guest that is accessing your interface, use guest=y when calling the /edsapi/rest/createsession endpoint. All calls using the guest session ID will only contain data that can be shown to guests. All data that is returned from the API can be displayed. Restricted data will be filtered out by the API. You can determine whether the session that was used in a call was from a guest by the **** element being present in the record header.

Access Levels

| Access Level | Description |
|---|---|
| 0 | Not Available to search via Guest Access |
| 1 | Metadata is searched, but only a placeholder record is displayed |
| 2 | Display record in the results but no access to detailed record or full text |
| 3 | Full access: search/display all content to guests |
| 6 | Display full record but no access to full text |

Ending a Session

Ending a session invalidates the session token. You should end a session when a user logs out. The /edsapi/rest/endsession endpoint ends a session.

Endpoint URL for Ending a Session

GET https://eds-api.ebscohost.com/edsapi/rest/endsession
POST https://eds-api.ebscohost.com/edsapi/rest/endsession

If you are using an authentication token, set the x-authenticationToken HTTP header to the token that you saved from /authservice.

Data Parameters

To Use the Endsession Endpoint:

Gather the following information for the request:

| Parameter Name | Description | Required/Optional | Parameter Type | Format | Default | Example Values |
|---|---|---|---|---|---|---|
| x-authenticationToken | Token identifying the caller | Required | Header | string | - | f4714669-ebfa-40d3-acac-bf6e0f22fbb9 |
| SessionToken | The session that you would like to end. | Required | Query | string | | "c3421b6c-1f4b-41d0-8381-e273abbd8ec4.Qlmb/P3sNDGCd4GZyvP6yw==" |

Request

GET request:

GET https://eds-api.ebscohost.com/edsapi/rest/endsession?sessiontoken=c3421b6c-1f4b-41d0-8381-e273abbd8ec4.Qlmb/P3sNDGCd4GZyvP6yw==

POST body (application/json):

{
"SessionToken":"d87f1eb4-ad26-4c35-91ee-2d5b52463145.cmJI6tm8TBj8CqWUq9KEWg=="
}

POST body (application/xml):

<EndSessionRequest xmlns="http://epnet.com/webservices/EbscoApi/Contracts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
  <SessionToken>d87f1eb4-ad26-4c35-91ee-2d5b52463145.cmJI6tm8TBj8CqWUq9KEWg==</SessionToken>
</EndSessionRequest>

Response

{
  "IsSuccessful":"y"
}
<EndSessionResponse xmlns="http://epnet.com/webservices/EbscoApi/Contracts" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
  <IsSuccessful>y</IsSuccessful>
</EndSessionResponse>

The response can be XML or JSON. The response format is defined by the Accept value set in the HTTP header. If the Accept value is not present in the HTTP header, the Content-type value in the HTTP header is used. The AuthTimeout value in the response is in seconds.

Best Practices

We recommend that you do not use the same session token for multiple users. Also, do not obtain a new session token for each search, as this may cause performance issues.
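The session lifecycle this page describes, as an added example (not EBSCO's code): one session per user, reused across searches, ended on logout. `SessionManager`, `FakeEds` and the injected transport callable are assumptions of the example; `FakeEds` is a constructed stand-in for the API so the code runs offline.

```python
BASE = "https://eds-api.ebscohost.com/edsapi/rest"


class SessionManager:
    """Keeps exactly one EDS session token per application user (hypothetical helper)."""

    def __init__(self, transport, auth_token, profile):
        self._send = transport      # callable(url, headers, body) -> dict; POSTs JSON
        self._auth = auth_token
        self._profile = profile
        self._tokens = {}           # user id -> session token, never shared

    def _headers(self):
        return {"x-authenticationToken": self._auth,
                "Content-Type": "application/json",
                "Accept": "application/json"}

    def token_for(self, user_id, guest=False):
        """Create a session on first use, then reuse it for every later search."""
        if user_id not in self._tokens:
            body = {"Profile": self._profile, "Guest": "y" if guest else "n"}
            reply = self._send(BASE + "/createsession", self._headers(), body)
            if not reply.get("SessionToken"):
                raise RuntimeError("createsession returned no SessionToken")
            self._tokens[user_id] = reply["SessionToken"]
        return self._tokens[user_id]

    def logout(self, user_id):
        """End the session; the token travels in the POST body, not the URL."""
        token = self._tokens.pop(user_id, None)
        if token is None:
            return False
        reply = self._send(BASE + "/endsession", self._headers(), {"SessionToken": token})
        return reply.get("IsSuccessful") == "y"


class FakeEds:
    """Constructed stand-in for the API so the example runs offline."""

    def __init__(self):
        self.calls, self.live, self.issued = [], set(), 0

    def __call__(self, url, headers, body):
        self.calls.append(url.rsplit("/", 1)[1])
        if url.endswith("/createsession"):
            self.issued += 1
            token = "constructed-token-%d" % self.issued
            self.live.add(token)
            return {"SessionToken": token}
        ended = body["SessionToken"] in self.live   # constructed behaviour
        self.live.discard(body["SessionToken"])
        return {"IsSuccessful": "y" if ended else "n"}
```

Sending the end-session token in a POST body keeps it out of URLs, which commonly end up in proxy and server access logs.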