Most requests require a valid session to perform the request. To get a valid session the user must first log in using their credentials. The response to a valid log in request contains the “Set-Cookie” HTTP header which contains a Session cookie. This session cookie must be provided to all subsequent requests in the HTTP “Cookie” header.
The session is valid until the user logs out, or there has been two hours of inactivity (unless otherwise configured).