Every API request must be encrypted via Secure Sockets Layer (SSL).
Every API request must include a session id (sid). The session id is obtained by an initial “login” API request that returns the session id in the XML-RPC response.
The iThenticate API will request validation but the user is encouraged to ensure that client side requests conform to the guidelines presented in the API. Requests which do not conform to the parameters and examples shown in this document cannot be guaranteed to return correct responses, nor can they be guaranteed to return errors or messages about what elements of the request were invalid. As with HTTP requests,request parameters that are not designated for a certain method will be ignored rather than an error being thrown. See each method description for the required request parameters.
An example login request is shown here (white space inserted for readability). The username and password are passed in a struct element.