Custom Header: Token

Returns Joomla Sessions ID upon successful authentication with access token.

Always secure access to your API server via HTTPS.

Resource URL

The token may be passed through via the HTTP header. It will always override the GET token/:token method.

Resource Information

Option Description
Request format Request Header Parameter
Response formats JSON
Requires authentication YES, Headers-based
Rate limited YES

Request Header Parameters

key Details
  • required
  • Auto-generated by Service Control Panel during new token creation
  • Always associated with a Joomla user account, thereby inherriting any associated permissions of that account.

Example Request

Request Headers

key value
token: xCzlAPpX8zAIPbk78XNkoF6O0Q3h2J3958X:42

Example Results

The JSON response will look different depending on the context in which the token is used.

JSON Response

Used with GET user method.
  "msg": "Authenticated",
  "jresponse": "true",
  "error": false,
  "status": 200
Used with GET user method.
    "msg": "Welcome Super User",
    "error": false, 
    "status": 200

Response Header

HTTP/1.1 200 OK
Date: Sun, 25 Oct 2015 20:13:54 GMT
Server: Apache/2.2.15
X-Powered-By: PHP/5.4.45
Joomla-Sessionid: 9o993919qt9u9djq9qsb9q94p9
X-Rate-Calls-Remaining: 0
X-Rate-Limit-Limit: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: origin, x-requested-with, content-type, token
Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS
Connection: close
Transfer-Encoding: chunked
Content-Type: application/json

Note that when a token is used, cAPI will include API Rate Limit key/value pairs in the Response Headers. This information can be used by remote application to control requests, obeying the limits set for each token (or the global override limit set in the Services Control Panel options).