BDG-00: Establish Session

Use Case: Establish BadgeOS Session

Before any API calls can be made to BadgeOS, the Main Server must present its credentials as the application so that BadgeOS will allow operations to be performed. On WordPress, the default session implementation is a set of cookies.


  • The Main Server is the initiator of sessions.
  • BadgeOS responds to requests to initiate sessions.


  • Both systems must be available on the network.
  • TLS sessions must be enabled to avoid sending credentials in plain text.


  1. POST to the login screen with the following values (details taken from Postman under the "Login WP" collection and the "How To" entry):
    1. account name
    2. password
    3. request for Test Cookie (establishes that the client is paying attention to cookies?)
  2. The response will contain a set of cookies which establish the session.

Alternative Paths

A nonce is also required and is used for subsequent requests. There may be multiple nonces within the body of the response. Which nonce to use depends on the action being taken. A map of these nonces may address the full range of the API we want to use.


  • The full set of required cookies is set.
  • Optional: a map of the nonces to be used for awarding, revoking, and so on. This is optional because it may make more sense to obtain the nonce at the time the call is being made.


Implementation Detail: The cookies are valid for some period of time and then need to be refreshed. The procedure for when and how to refresh remains open.
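
The main path, the nonce map and the postconditions, sketched as an added example (not code from this page or from BadgeOS). It assumes the stock WordPress login form fields (`log`, `pwd`, `testcookie`) and cookie name prefixes, which the page does not list; the host `badges.example`, the cookie hash and values, and the nonce field names are constructed placeholders.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlencode, urlsplit

# Stock WordPress names (assumed; the page does not list them).
AUTH_PREFIXES = ("wordpress_logged_in_", "wordpress_sec_")
NONCE_INPUT = re.compile(
    r'<input[^>]*\bname="([^"]*nonce[^"]*)"[^>]*\bvalue="([0-9a-f]{10})"', re.I)

def build_login_request(base_url, account, password):
    """Step 1: the login POST. Refuses any URL that is not https."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send credentials without TLS")
    body = urlencode({"log": account, "pwd": password, "testcookie": "1"})
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Cookie": "wordpress_test_cookie=WP%20Cookie%20check"}
    return base_url.rstrip("/") + "/wp-login.php", body, headers

def read_session(set_cookie_headers, body):
    """Step 2 and postconditions: collect auth cookies and the nonce map."""
    cookies = {}
    for raw in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            if name.startswith(AUTH_PREFIXES):
                # Auth cookies without these flags undermine the TLS precondition.
                if not (morsel["secure"] and morsel["httponly"]):
                    raise ValueError(f"{name} lacks Secure/HttpOnly")
                cookies[name] = morsel.value
    if not any(n.startswith("wordpress_logged_in_") for n in cookies):
        raise ValueError("login failed: no logged-in cookie in response")
    return {"cookies": cookies, "nonces": dict(NONCE_INPUT.findall(body))}

# Constructed sample response; hash, cookie values and nonce field names are made up.
SAMPLE_SET_COOKIE = [
    "wordpress_test_cookie=WP%20Cookie%20check; path=/; secure",
    "wordpress_sec_0123abcd=svc%7C1700000000%7Ctok%7Cmac; path=/wp-admin; secure; HttpOnly",
    "wordpress_logged_in_0123abcd=svc%7C1700000000%7Ctok%7Cmac; path=/; secure; HttpOnly",
]
SAMPLE_BODY = (
    '<input type="hidden" name="award_nonce" value="a1b2c3d4e5" />'
    '<input type="hidden" name="revoke_nonce" value="0f9e8d7c6b" />'
)

if __name__ == "__main__":
    url, body, headers = build_login_request("https://badges.example", "svc", "s3cret")
    print(url, body)
    print(read_session(SAMPLE_SET_COOKIE, SAMPLE_BODY))
```

A missing logged-in cookie is treated as a failed login, so a caller can use the same check to decide when the session needs to be re-established.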

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License