Issue API token (GetUserID)

Authenticate a user/password and (optionally) issue a fresh tsid token.

Endpoint: POST https://<base>/api/v2/GetUserID.php

Authenticates a user (HTTP Basic, tsid, or sid) and returns the customer / user ids and the per-feature permission flags. When called with tsid=1, it also issues a brand-new tsid (20 characters) that you can store and reuse on subsequent calls.

This is typically the first endpoint integration code calls — it converts username/password into a stable token your servers can keep.

Authentication

Three modes are accepted:

HTTP Basic with username + password (most common for issuing the first token).
tsid parameter (refresh / introspect an existing token).
sid parameter (internal session id; rare in external integrations).

See Authentication.

Request

`tsid` — type: integer | string

Pass the literal 1 to issue a brand-new token in addition to authenticating. Pass an existing tsid to introspect it.

Request example

```bash curl (HTTP Basic, request new token) curl -X POST ‘https:///api/v2/GetUserID.php’
-u “your_user:your_password”
-d ‘tsid=1’

```bash curl (introspect existing token)
curl -X POST 'https://<base>/api/v2/GetUserID.php' \
  -d 'tsid=YOUR_EXISTING_TSID'

Response

```json 200 OK { “return”: { “status”: “OK”, “status_code”: “0”, “cdcs_id”: “1234”, “cdcsu_id”: “987”, “aut_app”: “1”, “aut_send”: “1”, “aut_camp”: “1”, “tsid”: “Ab1Cd2Ef3Gh4Ij5Kl6Mn” } }

```json 401 Unauthorized
{
  "return": {
    "status": "fail authentication",
    "status_code": "100",
    "cdcs_id": "0",
    "cdcsu_id": "0",
    "aut_app": "0",
    "aut_send": "0",
    "aut_camp": "0",
    "tsid": "null"
  }
}

return.cdcs_id (string) — Customer id (multi-tenant key). Persist if you operate on behalf of multiple customers.
return.cdcsu_id (string) — User id (the specific operator account inside the customer).
return.aut_app (string) — 1 if the user can use the API, 0 otherwise.
return.aut_send (string) — 1 if the user can call send-message endpoints (MakeSMS, MakeWhatsapp, MakeTTSCall).
return.aut_camp (string) — 1 if the user can manage campaigns (CreateCampaign, ChangeCampaign).
return.tsid (string) — Newly issued token (20 chars) when tsid=1 was passed; null when only introspecting.

Error codes

This endpoint is gated by log_api_v2 — most failures come from there:

Code	`status`	Cause
`100`	`fail authentication`	Credentials wrong, account inactive, or required input missing.
`131`	`IP trials exceeded`	Too many attempts from this IP in 10 minutes.
`132`	`user trials exceeded`	Too many failed attempts for this user in 10 minutes.
`140`	`invalid user/pass`	Wrong username or password.
`199`	`IP blocked`	IP is on the permanent blacklist.

Usage tips

Issue a token once during onboarding and store it in your secret manager. Don’t call this endpoint on every request — it counts toward the brute-force counters.
Tokens do not expire by themselves but can be revoked by the customer (admin sets cdcs_tokens_blockeds = 1) or invalidated by adding a new IP allowlist that blocks your egress.
The aut_* flags reflect the user’s permissions at the moment of authentication; re-call this endpoint after permission changes to refresh them.