Two-way Strong ¦ Sign In ¦ New User

Application Programming Interface (API)

 

Introduction

User Account

API Key

Test Environment

Web Application

Login

Token

Session Check

Session Check (Static)

Logout

Logout (Static)

Mobile Application

Mobile Login Check

Key Data Fields

Response Messages

Demo Examples

Powered By (Credit)

Technical Support

 

Session Check Function

The software developer can either create a JavaScript session check function in a static HTML page or create a new function in their Web server script. For the Web server script implementation, the software developer modifies their secured Web page by adding a function in their Web server script. The function essentially sends data by form POST method and returns the result as a text string. You need to submit both your API key and a Session ID. These are the two variables that you will prepare and send in the function.

After the user successfully logs in from the token function, a unique session identifier is created for that user. The token function returns the Session ID. The software developer must incorporate the Session ID in order to maintain the user's session. If the session identifier is lost, the user will have to log in again. There are a few options that the developer can implement to remember the Session ID.

The preferred option, which Two-way Strong recommends, is to append the Session ID to every link throughout the developer's Web application. The software developer will add "sessionID=RETURNED_SESSION_ID" in the query string part of the URL address. The RETURNED_SESSION_ID is the generated session identifier that will be returned for a particular user.

Example of appending the Session ID in the URL.

https://www.domain.com/products/product?sessionID=RETURNED_SESSION_ID

Use this URL address to connect to the Test Environment:

https://www.2waystrong.com/ApiUsr/CheckV01Test

Use this URL address to connect to the Live Environment:

https://www.2waystrong.com/ApiUsr/CheckV01Live

The session check function will return one of seven messages. The software developer would write program code to execute an action according to the message. The following messages are:

  1. Login session remains active.
  2. Login session has expired or is no longer active.
  3. Session ID must be provided.
  4. API Key is not valid.
  5. API Key must be provided.
  6. User ID is not valid.
  7. An unknown error has occurred.

If the message is "Login session remains active.", the action can return the content of the secured Web page. If the message is "Login session has expired or is no longer active.", the recommended action is to return the user to the user login page. All other messages would return an error page.

This first example is for an ASP.NET MVC application.

        private String CheckUserSession(string sessionID)
        {
            string postApiURL = "https://www.2waystrong.com/ApiUsr/CheckV01Live";
            string postApiString = "";
            string requestOutput = "";

            Dictionary postValues = new Dictionary();
            postValues.Add("apiKey", "INSERT API KEY");
            postValues.Add("sessionID", sessionID);

            foreach (KeyValuePair postValue in postValues)
            {
                postApiString += postValue.Key + "=" + postValue.Value + "&";
            }

            postApiString = postApiString.TrimEnd('&');

            try
            {
                WebRequest requestSend = WebRequest.Create(postApiURL);
                requestSend.Method = "POST";
                requestSend.ContentType = "application/x-www-form-urlencoded";
                byte[] byteApiString = Encoding.UTF8.GetBytes(postApiString);
                requestSend.ContentLength = byteApiString.Length;

                Stream requestData = requestSend.GetRequestStream();
                requestData.Write(byteApiString, 0, byteApiString.Length);
                requestData.Close();

                WebResponse requestReceive = requestSend.GetResponse();

                using (requestData = requestReceive.GetResponseStream())
                {
                    StreamReader readData = new StreamReader(requestData);
                    requestOutput = readData.ReadToEnd();
                }

                requestReceive.Close();

                return requestOutput;
            }
            catch (Exception ex)
            {
                return ex.Message;
            }
        }

Download the ASP.NET source code.

This second example is for a PHP application.

if ($_GET["sessionID"] == null) {
	$sessionID = "";
} else {
	$sessionID = $_GET["sessionID"];
}

$messageTwowayStrong = CheckUserSession($sessionID);

switch ($messageTwowayStrong) {

	case "Login session remains active.":
		include 'index-include.php'; // Your page content is in an external file.
		break;
	case "Login session has expired or is no longer active.":
		header("Location: INSERT USER LOGIN URL");
		exit();
		break;
	case "Session ID must be provided.":
		header("Location: INSERT USER LOGIN URL OR A URL TO AN ERROR PAGE");
		exit();
		break;
	case "API Key is not valid.":
		header("Location: https://www.2waystrong.com/ApiUsr/KeyAccess");
		exit();
		break;
	case "API Key must be provided.":
		header("Location: https://www.2waystrong.com/ApiUsr/KeyAccess");
		exit();
		break;
	case "User ID is not valid.":
		header("Location: INSERT USER LOGIN URL OR A URL TO AN ERROR PAGE");
		exit();
		break;
	case "An unknown error has occurred.":
		header("Location: INSERT USER LOGIN URL OR A URL TO AN ERROR PAGE");
		exit();
		break;
	default:
		header("Location: INSERT USER LOGIN URL");
		exit();

}

function CheckUserSession($sessionID) : string {

	$apiKey = "INSERT API KEY";
	$postApiURL = "https://www.2waystrong.com/ApiUsr/CheckV01Live";
	$requestOutput = "";

	$postValues = array(
		'apiKey' => $apiKey,
		'sessionID' => $sessionID
	);

	$postApiString = http_build_query($postValues, '', '&', PHP_QUERY_RFC3986);

	try {

		$requestData = array(
			'http' => array(
				'method' => 'POST',
				'header' => "Content-type: application/x-www-form-urlencoded\r\n" .
                           "Content-Length: " . strlen($postApiString) . "\r\n",
				'content' => $postApiString
			)
		);

		$requestSend = stream_context_create($requestData);

		$requestReceive = file_get_contents($postApiURL, false, $requestSend);

		if ($requestReceive === false) {
			$requestReceive = "";
		}

		$requestOutput = $requestReceive;

	} catch (Exception $e) {
		$requestOutput = "";
	}

	return $requestOutput;

}

Download the PHP source code.