
1. User Logins (Session Tokens)

Session-based Authentication Overview

Session-based authentication is the primary method for authenticating users in the Circularo system. It provides a secure way to access the API.

What are Session Tokens?

Session tokens are temporary authentication credentials that:

  • Provide secure access to the Circularo API after successful authentication

  • Are valid for 30 days by default

  • Can be used across multiple API requests

  • Eliminate the need to send credentials with each request

Authentication Methods

Circularo supports multiple authentication methods to accommodate different security requirements:

  • Standard Authentication: Simple username and password login

  • Multi-Factor Authentication (MFA): Additional verification step after password entry

  • Recovery Code Authentication: Emergency access when standard MFA methods are unavailable

Token Lifecycle

  • Creation: Generated upon successful authentication

  • Validation: Can be checked for validity

  • Usage: Included as a query parameter in API requests

  • Termination: Invalidated through explicit logout or expiration

Security Considerations

  • Store session tokens securely and never expose them in client-side code

  • Implement proper token management including logout when sessions are no longer needed

  • For server-to-server integrations, consider using API tokens instead

  • Enable Multi-Factor Authentication for sensitive accounts

Session tokens provide full access to a user's account. Always handle them with appropriate security measures.
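Because the token is sent as a query parameter, any request URL written to an application log, proxy log or error report carries a full-access credential. The following is an added example, not code from Circularo, of redacting the token before a URL or log line is stored. It assumes the parameter is named "token" (the page does not give the real name), and the host, paths and token values in the sample lines are constructed.

```javascript
// Added example, not Circularo code. ASSUMPTION: the session token travels in
// a query parameter named "token"; the page does not give the real name.
const SENSITIVE_PARAMS = new Set(["token"]);

// Replace the value of each sensitive query parameter, leaving the path,
// the other parameters and the fragment exactly as they were written.
function redactUrl(rawUrl, sensitive = SENSITIVE_PARAMS) {
  const hashAt = rawUrl.indexOf("#");
  const beforeHash = hashAt === -1 ? rawUrl : rawUrl.slice(0, hashAt);
  const hash = hashAt === -1 ? "" : rawUrl.slice(hashAt);
  const queryAt = beforeHash.indexOf("?");
  if (queryAt === -1) return rawUrl; // no query string, nothing to redact

  const pairs = beforeHash.slice(queryAt + 1).split("&").map((pair) => {
    const eq = pair.indexOf("=");
    if (eq === -1) return pair; // bare flag, carries no value
    const name = pair.slice(0, eq);
    let decoded = name;
    try {
      // Catch percent-encoded spellings such as "t%6Fken".
      decoded = decodeURIComponent(name);
    } catch {
      // Malformed escape: fall back to the raw name.
    }
    return sensitive.has(decoded.toLowerCase()) ? `${name}=REDACTED` : pair;
  });
  return `${beforeHash.slice(0, queryAt)}?${pairs.join("&")}${hash}`;
}

// Scrub every URL-like substring of a free-form log line.
function redactLogLine(line, sensitive = SENSITIVE_PARAMS) {
  return line.replace(/[^\s"']+\?[^\s"']+/g, (m) => redactUrl(m, sensitive));
}

// Constructed sample lines; host, paths and token values are made up.
const sampleLines = [
  'GET "/example/documents?limit=10&token=CONSTRUCTED-abc123" 200',
  "fetch https://api.example.invalid/example/check?Token=CONSTRUCTED-xyz#s failed",
  "GET /example/status?verbose=1 200",
];
for (const line of sampleLines) console.log(redactLogLine(line));
```

Apply the redaction at the point where URLs enter logging or error reporting, so the raw token never reaches storage.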

Common Use Cases

  • Interactive web applications: User sessions in browser-based interfaces

  • Mobile applications: Authentication for native mobile clients

  • Short-lived integrations: Temporary access for one-time operations

For long-lived server-to-server integrations, API tokens (covered in the next section) are recommended over session tokens.

Authentication Flow

A typical authentication flow involves:

  1. Authenticating with username and password

  2. Completing any required MFA challenges (if enabled)

  3. Using the resulting session token for API operations

  4. Checking token validity when needed

  5. Logging out to terminate the session when finished

The scenarios in this section demonstrate each step of this process in detail.
