To perform non-anonymous call on Quatrix API, client application should obtain session token. Additionally every call should be signed with user's password pbkdf2 to form 'authorization' header.

Login call accepts user login (email), referer (to differentiate accounts) and authorization token. Authorization token is calculated based on HTTP request method, route URI, login, timestamp and user's password pbkdf2.

If login was successful - API returns 200 OK status with X-Auth-Token header containing newly created session token. This session id is than used as variable to calculate authorization token for next API calls that require authorization.

Failed login returns 401 HTTP error.