Skip to content

POST /auth

Authenticate a Gestix ERP user by username and password. Returns a session token (xa-token) that can be used for subsequent API calls.

This endpoint is intended for web applications and user-facing portals where the end user provides their Gestix credentials directly.

Alternative authentication

For server-to-server integrations, use GET /helo with an API Token instead.

Request

POST /api/{account}/v4.0.0/auth?username={username}&password={password}

Parameters

Name In Type Required Description
username query string Yes Gestix ERP username
password query string Yes Gestix ERP password

Credentials in query string

The username and password are passed as query parameters. Always use HTTPS to ensure they are encrypted in transit. Avoid logging full request URLs.

Responses

200 — Authentication successful

{
  "xa-token": "aaMDAwMDAwMDAwMDAxMzY4ODY5OTA4ICAgRlIwMDA3MTQwNjIxXX"
}
Field Type Description
xa-token string Session token. Use as Authorization: Bearer <xa-token> on subsequent requests.

400 — Invalid input

Returned when required parameters are missing.

Example

curl -X POST \
  "https://gestix.pt:443/api/03101176/v4.0.0/auth?username=john&password=secret"

import requests

response = requests.post(
    "https://gestix.pt:443/api/03101176/v4.0.0/auth",
    params={"username": "john", "password": "secret"}
)
token = response.json()["xa-token"]

const params = new URLSearchParams({ username: "john", password: "secret" });
const response = await fetch(
  `https://gestix.pt:443/api/03101176/v4.0.0/auth?${params}`,
  { method: "POST" }
);
const { "xa-token": token } = await response.json();