Class representing session (logged user). You must log in using this object before making any other requests.

The session ID returned from login is valid for 4 hours.

Available methods

constructor Pap_Api_Session($url) - this method creates the session object. You have to specify full valid URL to the /scripts/server.php file of your installation. For example:

login($username, $password, $roleType = self::MERCHANT, $languageCode = null, $twofactorToken = null) - used to authorize the user.

  • $username and $password must be your merchant or affiliate login information.
  • $roleType can be either self::MERCHANT or self::AFFILIATE. By default the user is considered to be a merchant, if you want to log in as an affiliate, you have to specify the third parameter $roleType = self::AFFILIATE.
  • $languageCode parameter is optional. If you do not specify any value for this parameter, default language will be used. Language can be specified by its code e.g. en-US, de-DE, sk, cz, etc.
  • $twofactorToken is optional, however if your account has 2 factor authentication enabled you won't be able to log in without it. You can either create a separate API user using the Multiple merchants (Administrators) feature which also allows to limit the access to only what is really needed or you need to pass the token returned by your Google Authenticator app. There are external libraries you could use to get the actual token for given secret.
  • return true if login was successful, otherwise false. If the API version has changed and your PapApi.class.php file is old login throws Gpf_Api_IncompatibleVersionException (see bellow for more details).

setDebug(true/false) - used to enable debugging. If you set it to true, it will output every request and response in JSON format. Do not leave enabled in production!

getMessage() - returns error message in case of error

getAppVersion() - returns version of the installed application as a string (version number) or false in case of an error.

getSessionId() - used to obtain the session ID after logging in.

setSessionId($sessionId) - use this instead of login() function, for login from session id. If you wish to log in as affiliate, also specify the role with second parameter set to Pap_Api_Session::AFFILIATE.


Logging in as merchant

$session = new Pap_Api_Session('');
if(!$session->login('', 'demo')) {
  die("Cannot login. Message: ".$session->getMessage());

Logging in as affiliate

$session = new Pap_Api_Session('');
if(!$session->login('', 'demo', Pap_Api_Session::AFFILIATE)) {
  die("Cannot login. Message: ".$session->getMessage());

Of course, as an affiliate you don't have access to the same functionality as a merchant, for example to the list of all affiliates.

Redirect user to panel after login

If you want to redirect user (merchant/affiliate) to his panel after Pap_Api_Session is created you can do it using following code:

function 'getUrlWithSessionInfo()' is deprecated, we recommend to use 'LoginKey' url parameter from this example

// redirecting to merchant panel (requires merchant session)
header('Location: '.$session->getUrlWithSessionInfo(''));

// redirecting to affiliate panel (requires affiliate session)
header('Location: '.$session->getUrlWithSessionInfo(''));

Print version of Post Affiliate Pro installation.

$session = new Pap_Api_Session('');
if ($papversion = $session->getAppVersion()) {
    echo 'Post Affiliate Pro version: ' . $papversion;
} else {
    echo 'Failed to load version with error: ' . $session->getMessage();

Handle the Gpf_Api_IncompatibleVersionException

$session->login(...) throws Gpf_Api_IncompatibleVersionException exception in case when your PapApi.class.php file version is different then the API version of your Post Affiliate Pro. Example of handling this exception:

$session = new Pap_Api_Session('');
try {
    if (!$session->login('', 'demo')) {
        die("Unable to login: ".$session->getMessage());
    echo "logged";
} catch (Gpf_Api_IncompatibleVersionException $e) {
    echo "Download new API file here: ".$e->getApiDownloadLink();

Method getApiDownloadLink() in Gpf_Api_IncompatibleVersionException returns full url of the PapApi.class.php file of the installation you are connecting to so you can download it and update your PapApi.class.php file.

Authenticate as merchant using setSessionId method

$session = new Pap_Api_Session('');

Authenticate as affiliate using setSessionId method

$session = new Pap_Api_Session('');
$session->setSessionId('sdf4sdfg5465sdfgqw65uytkm68fguku', Pap_Api_Session::AFFILIATE);