GET /helo

Authenticate with your API Token to obtain a session token (xa-token) for use with all other endpoints.

Why 'helo'?

This is an intentional geeky reference to the HELO command in the SMTP mail server protocol — not a typo.

---

Request

GET /api/{account}/v4.0.0/helo
Authorization: Bearer <your-api-token>

Security

This endpoint uses API Token authentication (apiTokenAuth). Pass your long-lived API Token (generated in Admin > Webshop) as a Bearer token.

Parameters

Name	In	Type	Required	Description
nonce	query	integer (int64)	No	Client-generated unique sequential number. Example: 123456789

---

Responses

200 — Session token returned

{
  "xa-token": "aaMDAwMDAwMDAwMDAxMzY4ODY5OTA4ICAgRlIwMDA3MTQwNjIxXX"
}

Field	Type	Description
xa-token	string	Short-lived session token. Pass this as a Bearer token on all subsequent requests.

400 — Missing or invalid apiToken

Returned when no Authorization header is provided or the token is malformed.

403 — Access denied / invalid token

Returned when the API Token is invalid or has been revoked.

---

Example

curlPythonJavaScript

curl -X GET \
  "https://gestix.pt:443/api/03101176/v4.0.0/helo" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

import requests

response = requests.get(
    "https://gestix.pt:443/api/03101176/v4.0.0/helo",
    headers={"Authorization": "Bearer YOUR_API_TOKEN"}
)
token = response.json()["xa-token"]

const response = await fetch(
  "https://gestix.pt:443/api/03101176/v4.0.0/helo",
  { headers: { "Authorization": "Bearer YOUR_API_TOKEN" } }
);
const { "xa-token": token } = await response.json();

---

Next Steps

Use the returned xa-token in the Authorization: Bearer header for all subsequent API calls. If you need to verify your session is still active, call GET /status.