Before you can use Legacy REST Web Services you must log in to open an authorized HTTP session. When the server receives a log in request for a valid user account, it authenticates the user and returns a session identifier if the authentication is successful.

The procedure for logging in to the Legacy REST Web Services server is different for external and internal users. External users are customer or other users of outward or customer-facing web sites. Internal users are those who have access to agent-facing servers, such as call center agents using Oracle ATG Web Commerce Service Center. See specific procedures with examples in Logging In as an External User and Logging In as an Internal User.

Handling Session Identifiers

When you successfully log in to the Legacy REST Web Services server, it returns a session identifier with its HTTP response. The HTTP client that you use must present that session identifier each time it interacts with the Legacy REST Web Services server. One method for handling the session identifier is to allow the server to set it in a cookie file for the client.

The specific procedure you use to handle the session identifier depends on the client software you are using. The examples in Logging In as an External User and Logging In as an Internal User show how one HTTP client stores the session identifier in a cookie file.