REST service duplicates authentication methods available via SOAP WS, and it uses the same session table and session ID format – so session created via REST can also be used via SOAP WS and opposite.
...
Access to all REST methods except 'login' requires authentication and valid session ID (this ID can be obtained via 'login' method and deleted via 'logout'). Session ID is passed as request parameter 'EDMSESSIONID' (case-sensitive).
...
Special kind of 'EDMSESSIONID' – with value set to 'BasicAuth' allows implicit session control using HTTP BasicAuth approach combined with storing session ID in HTTP cookie (note that request parameter 'EDMSESSIONID=BasicAuth' should be present in all method calls – otherwise HTTP cookies are just ignored).
To login and explicitly create new session (request parameters have priority over content given in
'jsonstring', if both are supplied):
AccessControl/login?USER=&GROUP=&PASSWORD=
Or
AccessControl/login?jsonstring={"USER":"","GROUP":"","PASSWORD":""}
If login is successful, HTTP 200 code will be sent, and session ID is returned as plain text result ("text/plain" content type, no JSON wrapping). Else 'SC_BAD_REQUEST' is returned (400).
To logout use (supply valid session ID):
AccessControl/logout?EDMSESSIONID=
NOTE: Sessions have a timeout – for specific value see documentation for EDMWebServices (by default it is set to 12 hours after last usage).