Instead of attaching your authentication credentials (login and password) to each API request, you can obtain a session key and then use it instead.
This document describes how API sessions work.
If you are not familiar with the API request and response format, you should probably read the README first.
You can pass any string in the auth/session_id element of the first request to the API.
For example:
{"module":"Service","method":"Find","auth":{"login":"LOGIN","password":"PASSWORD","session_id":"i_want_a_new_session"}}
If your request is successful and session_id is set, the API will generate a new session identifier and return its ID in the auth/session_id element of the response.
Although you may start a new session with any method, User::Login is the recommended one if you want to start a new session.
Using the session is pretty straightforward: you can omit login and password in your requests' auth element and send session_id returned by API instead. For example:
{"module":"Service","method":"Find","auth":{"session_id":"7565db7afd81b6e9f355b51c3a497e65"}}
If you specify both session_id and login/password, the session_id is checked first, and if it's not correct the standard login procedure follows. If the session_id is correct, authentication credentials are not checked.
Call User::Logout to end your session. If you call it without a session, nothing will happen.
The session will end automatically after a certain time period if no method calls are made with it.
For security reasons, you cannot change your password (either with User::Update or Distributor::Update) when authenticating with a session. You will need to authenticate with login and password to do this.