Using the Keyring

The keyring provides a way to keep passwords entered by the user during a browsing session, and to communicate them to the Zenfolio server. From the application perspective, the keyring is an opaque character string. The Zenfolio API provides the KeyringAddKeyPlain method to add passwords to a keyring.

When an application tries to access a password-protected object, it should include a keyring in its request so that the server can verify that the correct password was provided by the user. One way to provide the keyring is to include an X-Zenfolio-Keyring header in the HTTP request, for example:

POST /api/1.8/zfapi.asmx HTTP/1.1<cr><lf>
Host: api.zenfolio.com<cr><lf>
User-Agent: Acme PhotoEdit plugin for Zenfolio<cr><lf>
Content-Type: text/xml; charset=utf-8<cr><lf>
Content-Length: 223<cr><lf>
SOAPAction: "http://www.zenfolio.com/api/1.8/LoadPhoto"<cr><lf>
X-Zenfolio-Keyring: AiBt0LW92zb1f/g-p1GXQXpOunNpFyQWS5/LxU=<cr><lf>
<cr><lf>
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <LoadPhoto xmlns="http://www.zenfolio.com/api/1.8">
      <photoId>327977501</photoId>
    </LoadPhoto>
  </soap:Body>
</soap:Envelope>

Alternatively, the application can add a zf_keyring cookie to the request:

POST /api/1.8/zfapi.asmx HTTP/1.1<cr><lf>
Host: api.zenfolio.com<cr><lf>
User-Agent: Acme PhotoEdit plugin for Zenfolio<cr><lf>
Content-Type: text/xml; charset=utf-8<cr><lf>
Content-Length: 223<cr><lf>
SOAPAction: "http://www.zenfolio.com/api/1.8/LoadPhoto"<cr><lf>
Cookie: zf_keyring=AiBt0LW92zb1f/g-p1GXQXpOunNpFyQWS5/LxU=;<cr><lf>
<cr><lf>
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <LoadPhoto xmlns="http://www.zenfolio.com/api/1.8">
      <photoId>327977501</photoId>
    </LoadPhoto>
  </soap:Body>
</soap:Envelope>

The keyring is only valid for about 24 hours since the last modification.

Index