Web service sessions
Keys and tokens
A token is required to use a RouteYou plugin or communicate with a RouteYou web service. This token is generated from a key. Note that keys and tokens are not interchangeable, you cannot use a key as token or vice versa. A key is unique and never changes or expires; you will have only one key for each application. A token is derived from such a key, it is temporary and will expire when it is no longer used; you can have many tokens active at once.
Generating a token
If you have an agreement with RouteYou about the use of the plugins or web services, you should have received one or more web service keys. If you have not received them yet, or if you wish to try out our services, you can use the temporary test accounts.
The web service tokens can be generated from a key by using the Session web service's "start" method.
Client-side (plugins, web service calls via JavaScript)
For security reasons, the key itself should never be exposed client-side. This means that tokens should be generated server-side. The token can then be passed (client-side) to the plugins.
A simple PHP class for generating tokens can be found here. Contact us for other platforms.
You can generate a new token on every page request. If you prefer to use the same token multiple times, you could store it in your user's session, but keep in mind that each token expires when it has not been used for some time, so you will need to generate a new one once in a while.
Server-side and other applications (direct web service calls)
For server-side web service calls or offline applications written in PHP, there is a client library available. More information about it can be found here.