Execute the POST call below:


Set content type to "application/json" by having this in the HTTPS header:

Content-Type: application/json

and the request body should look like this, adding valid user credentials in the body like in example below:







where WMID is 123456, username is test and password is test01.

Sample CURL command:

curl -v -H "Content-Type: application/json" -d "{ \"wmId\": 123456, \"username\": \"test\", \"password\": \"test01\" }" https://app.quotemedia.com/auth/p/authenticate/v0/

Upon a successful login, the above call returns JSON as such:


 "@c" : ".AuthenticateResponse",

 "code" : {

 "value" : 0,

 "name" : "Ok"


 "sid" : "ac9b4161-f608-4079-bf58-6d8055a6750c"


From this JSON object, you can extract the SID property and pass it to theRequest API as a &sid=extracted_sid. Passing sid to the Request API  also bypasses our IP lookup mechanism for Request API services.

Keep the user session (sid) alive by making your requests with same sid value until the sid expires.  See limitations at bottom of article.

Sample Request API Call:


For example, https://app.quotemedia.com/data/getQuotes.xml?webmasterId=123456&symbols=MSFT&sid=ac9b4161-f608-4079-bf58-6d8055a6750c
where [webmasterId] is 123456 and [extracted_sid] is ac9b4161-f608-4079-bf58-6d8055a675

Other possible Authenticate Response values include:

"value": 100, "name": "NotAuthorized" (Invalid Credentials)
"value": 6, "name": "InvalidRequest" (Invalidated, some attributes have incorrect values or absent)
"value": 2, "name": "UnknownRequestType" (The service is unable to recognize request type using “@c” property)
"value": 1, "name": "SystemError" (Unexpected exception in the service implementation)
"value": 0, "name": "Ok" (Request has been processed successfully)
"value": -1, "name": "Unknown" (Code has not been assigned, incomplete implementation)

Please note the following important limitations:

1) Any JSON authenticate call with the same combination of webmaster ID/username/password will kill a previously active session.

2) QuoteMedia implements strict protocols for maintaining individual and non-concurrent user sessions to authenticate the use of data by the individual user. The sid value that is generated upon user login to set their session will expire after 30 minutes of inactivity unless another attempt to set a session is made which will end the previous user session.

QuoteMedia also has apis that check is the user's quotemedia session is valid/active which can also refresh the user session and logout user session.