Sessions API
Overview

Version: 2.0.0

The William Hill Sessions API uses a central authentication service (CAS) on all resources that require access to a customer's account or betting functionality. To authenticate, you'll need to supply a sportsbook username and password. In return you will be given an authentication ticket, which you can use on the majority of requests found within our services.


The Sessions API should be used whenever you want to log in a customer and:

  • continue to use the William Hill API for that customer's transactions
  • use other CAS-enabled William Hill services outside the suite of APIs

CAS is an enterprise Single Sign-On solution for web services (see https://wiki.jasig.org/display/CAS/Home). It is used by many William Hill services.
Note: all requests must be executed over HTTPS and include an API key and secret.


Authentication Ticket Expiration Times

When a customer is logged in using the Sessions API, they are given an Authentication Ticket; using this ticket on subsequent API requests gives you access to account activities (such as placing a bet, deposits, etc.). However, this ticket is only valid for a limited period that depends on how it is used. If the ticket is used and then has a period of inactivity longer than 7,200 seconds (2 hours), the ticket expires and further requests using it are denied. In effect, the customer has been logged out and will need to authenticate again.


Normally, any ticket issued has a maximum life expectancy of 28,000 seconds (8 hours), after which it can no longer be used, even if it has been used regularly. The customer is again effectively logged out and will need to authenticate again. To avoid this, set the query parameter extended to Y, which enables your application to generate a ticket valid for 60 days without expiring due to inactivity.
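
A client-side model of the two limits described above, as an added example that is not part of the William Hill documentation. It uses the 7,200-second and 28,000-second figures exactly as stated on this page and assumes an extended ticket is subject only to the 60-day cap; TicketClock and first_rejection are hypothetical names.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

IDLE_TIMEOUT_S = 7_200                 # inactivity limit stated on this page
MAX_LIFETIME_S = 28_000                # maximum ticket life stated on this page
EXTENDED_LIFETIME_S = 60 * 24 * 3_600  # 60 days when the ticket is extended


@dataclass
class TicketClock:
    """Client-side estimate of an Authentication Ticket's validity window."""
    issued_at: float        # epoch seconds at which logIn returned the ticket
    extended: bool = False  # True when the ticket was requested as extended
    last_used_at: Optional[float] = None

    def __post_init__(self) -> None:
        if self.last_used_at is None:
            self.last_used_at = self.issued_at

    def expiry(self) -> Tuple[float, str]:
        """Return (deadline, reason) for the limit that will be hit first."""
        if self.extended:
            # Assumption: extended tickets have no idle timeout, only the cap.
            return self.issued_at + EXTENDED_LIFETIME_S, "max_lifetime"
        hard = self.issued_at + MAX_LIFETIME_S
        idle = self.last_used_at + IDLE_TIMEOUT_S
        return (idle, "idle_timeout") if idle < hard else (hard, "max_lifetime")

    def use(self, now: float) -> Optional[str]:
        """Record a request at `now`; return None if allowed, else the reason."""
        deadline, reason = self.expiry()
        if now > deadline:
            return reason   # expired: do not send the ticket, re-authenticate
        self.last_used_at = now
        return None

    def should_reauth(self, now: float, margin: float = 300.0) -> bool:
        """True when the ticket is expired or within `margin` seconds of it."""
        return now >= self.expiry()[0] - margin


def first_rejection(issued_at: float, use_times: Iterable[float],
                    extended: bool = False) -> Optional[Tuple[float, str]]:
    """Replay request times; return (time, reason) of the first denial."""
    clock = TicketClock(issued_at, extended)
    for t in use_times:
        reason = clock.use(t)
        if reason:
            return t, reason
    return None
```

Replaying hourly requests shows that regular activity resets the idle timer but not the lifetime cap, so a client should plan re-authentication around whichever deadline comes first.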

Summary
Each method is listed with its description and resource:

  • getServiceTicket: Obtains a one-time Service Ticket that can be used to access other CAS enabled William Hill services that are not available through the standard suite of APIs. You first need to have logged in a customer to obtain an Authentication Ticket.
    Resource: https://sandbox.whapi.com/v2/sessions/tickets/{tgt}/serviceTicket
  • logIn: Logs in a customer by obtaining an authentication ticket. It can then be used directly with the other William Hill APIs to access a customer's sportsbook account, place a bet, etc.
    Resource: https://sandbox.whapi.com/v2/sessions/tickets
  • logOut: Logs out a customer.
    Resource: https://sandbox.whapi.com/v2/sessions/tickets/{tgt}
  • validateSession: Checks the validity of a session ticket.
    Resource: https://sandbox.whapi.com/v2/sessions/tickets/{tgt}
Resources
getServiceTicket()
Obtains a one-time Service Ticket that can be used to access other CAS enabled William Hill services that are not available through the standard suite of APIs. You first need to have logged in a customer to obtain an Authentication Ticket.
Request Example
GET https://sandbox.whapi.com/v2/sessions/tickets/{tgt}/serviceTicket?languageAsPerTerritory=false&target=&fields=extended&include=extended&exclude=expiryDateTime HTTP/1.1
Host: sandbox.whapi.com
apiKey: l7xxa54460c573b5497c9b24b505xxxxxxxx
apiSecret: l7xxa54460c573b5497c9b24b505xxxxxxxx
territory: ES

Request Parameters
path parameters
Name Description
tgt*
header parameters
Name Description
apiKey*
apiSecret*
territory
query parameters
Name Description
languageAsPerTerritory
target*
fields
include
exclude
logIn()
Logs in a customer by obtaining an authentication ticket. It can then be used directly with the other William Hill APIs to access a customer's sportsbook account, place a bet, etc.
Request Example
POST https://sandbox.whapi.com/v2/sessions/tickets?fields=extended&include=extended&exclude=expiryDateTime&languageAsPerTerritory=false HTTP/1.1
Host: sandbox.whapi.com
Accept: application/json
apiKey: l7xxa54460c573b5497c9b24b505xxxxxxxx
apiSecret: l7xxa54460c573b5497c9b24b505xxxxxxxx
territory: ES

Payload:     
Request Parameters
header parameters
Name Description
apiKey*
apiSecret*
territory
body parameters
Name Description
login*
query parameters
Name Description
fields
include
exclude
languageAsPerTerritory
logOut()
Logs out a customer.
Request Example
DELETE https://sandbox.whapi.com/v2/sessions/tickets/{tgt}?languageAsPerTerritory=false HTTP/1.1
Host: sandbox.whapi.com
apiKey: l7xxa54460c573b5497c9b24b505xxxxxxxx
apiSecret: l7xxa54460c573b5497c9b24b505xxxxxxxx
territory: ES

Request Parameters
path parameters
Name Description
tgt*
header parameters
Name Description
apiKey*
apiSecret*
territory
query parameters
Name Description
languageAsPerTerritory
validateSession()
Checks the validity of a session ticket.
Request Example
GET https://sandbox.whapi.com/v2/sessions/tickets/{tgt}?languageAsPerTerritory=false HTTP/1.1
Host: sandbox.whapi.com
apiKey: l7xxa54460c573b5497c9b24b505xxxxxxxx
apiSecret: l7xxa54460c573b5497c9b24b505xxxxxxxx
territory: ES

Request Parameters
path parameters
Name Description
tgt*
header parameters
Name Description
apiKey*
apiSecret*
territory
query parameters
Name Description
languageAsPerTerritory
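
The resources above carry the authentication ticket in the URL path and the API credentials in headers, so request logging on the client side needs to strip both. The following is an added example, not William Hill code: the function names, the tag format, the log key and the sample ticket string are all constructed for illustration.

```python
import hashlib
import hmac
import re

# Ticket path segment in the resources listed on this page:
#   /v2/sessions/tickets/{tgt} and /v2/sessions/tickets/{tgt}/serviceTicket
_TGT_PATH = re.compile(r"(/v2/sessions/tickets/)([^/?#\s]+)")
_SECRET_HEADERS = {"apikey", "apisecret"}  # header names from this page


def ticket_tag(tgt: str, log_key: bytes) -> str:
    """Keyed, truncated digest: correlates log lines without storing the ticket."""
    return "tgt~" + hmac.new(log_key, tgt.encode(), hashlib.sha256).hexdigest()[:12]


def redact_url(url: str, log_key: bytes) -> str:
    """Replace the {tgt} path segment with its tag; other URLs pass through."""
    return _TGT_PATH.sub(lambda m: m.group(1) + ticket_tag(m.group(2), log_key), url)


def loggable_request(method: str, url: str, headers: dict, log_key: bytes) -> dict:
    """Build a log record: no ticket, no API credentials, and never the body."""
    safe = {k: "[REDACTED]" if k.lower() in _SECRET_HEADERS else v
            for k, v in headers.items()}
    return {"method": method.upper(), "url": redact_url(url, log_key), "headers": safe}


# Constructed sample values; the ticket string and log key are not real.
SAMPLE_KEY = b"constructed-log-key"
SAMPLE = loggable_request(
    "delete",
    "https://sandbox.whapi.com/v2/sessions/tickets/TGT-constructed-0001"
    "?languageAsPerTerritory=false",
    {"Host": "sandbox.whapi.com", "apiKey": "constructed-key",
     "apiSecret": "constructed-secret", "territory": "ES"},
    SAMPLE_KEY,
)
```

The logIn request body (username and password) is deliberately not accepted by loggable_request, so it cannot end up in the record.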
HEAD and OPTIONS
You can call the following idempotent REST methods on all version 2 APIs:

HEAD

Asks for a response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content. The meta-information contained in the HTTP headers in response to a HEAD request is identical to the information sent in response to a GET request. This method is often used for testing hypertext links for validity, accessibility, and recent modification. The response to a HEAD request may be cacheable in the sense that the information contained in the response can be used to update a previously cached entity from that resource. If the new field values indicate that the cached entity differs from the current entity (as would be indicated by a change in Content-Length, Content-MD5, ETag or Last-Modified), then the cache treats the cache entry as stale.

OPTIONS

The OPTIONS method represents a request for information about the communication options available on the request/response chain identified by the Request-URI. This method allows you to determine the options and/or requirements associated with a resource without implying a resource action or initiating a resource retrieval. Responses to this method are not cacheable. The response includes any header fields that indicate optional features. The response body also includes information about the communication options.



Copyright (c) WHG (International) Limited 2016
Generated Date: 2020-10-29T05:02:30.023Z
Use of this document is subject to the William Hill Partner Developer Portal Terms and Conditions.