Since QKViews are always associated with an account (accounts are free and can be created at, authentication is performed by first obtaining a set of cookies from the F5 API login service. This set of cookies must be sent with all subsequent requests to the iHealth API.
The cookies are obtained by sending an HTTP POST with the username and password to this URL:
The POST body should contain JSON that specifies the user ID and secret. An example of the json payload for would look like this:
{"user_id": "", "user_secret": "Secret!P@ssw@rd"}

You must use an ecrypted connection, so ensure that your code specifies HTTPS as the protocol, and not HTTP. A simple unix curl command-line to obtain a set of cookies for j.smith would look like this:
curl -H"Content-type: application/json" --user-agent "MyGreatiHealthClient" --cookie-jar cookiefile -o - --data-ascii "{\"user_id\": \"\", \"user_secret\": \"Secret!P@ssw@rd\"}" -X POST

Headers from a successful authentication will result in the issuance of a set of cookies, an expiration for the token as an epoch timestamp, and an HTTP 200 response code:
HTTP/1.1 200 OK

Set-Cookie: ssosession=!0aZipjm2ZevChX3RNPXnfjXjzD9XUVZwlWCdZ+UBshlQXedjcT7QLNubx/BotAcxaLTF0rD77Mzfn4xFK0rUvXxfRZwJTBH4Ojc7D2sH+XiF7wWKytTe8rwH3gB1GY9zD7k5bjHcTqOstDPalrPz2QGPKw==;Version=1;;Path=/;Secure
Set-Cookie: userinfo=!pr71lPcnkRltvuzRNPXnfjXjzD9XUTOYuuT68bovdvM+g0v0VfL8LavUSoXO0cJ2A2DodMKgPvWcy9NKYiFTFiU7hRVs930WhmigjppepUpnJzBpXys7MfpHxpI1cG7yvgW8g8uzMHN0hiYUqFG7+V1SBmzChZhnb8Zt5pmPdPw7M8sxRW/LQI7E6ZerzEms+P/UIKiQGiU=;Version=1;;Path=/;Secure
Set-Cookie: sso_completed=1;Version=1;;Path=/;Secure
Set-Cookie: f5sid01=!xSbo4L/WQjlDXezRNPXnfjXjzD9XUTAwjrnaPZ72KVtcFPng32/+6QKgcX4AFfCVaXRxBLLJVofn/7PPefKX95ovXJoeASWMZH/Mgw6NAg+wCdxiTg==;Version=1;;Path=/;Secure

{"expires": 14343277283 }

The ssosession cookie along with all other cookies retrieved via this POST will be saved into the file ‘cookiefile’. These cookies must be sent with every request to the iHealth API. These cookies will be honored for up to the expiration returned in the body of the response, after which a new set of cookies must be obtained from the login server by repeating the curl command (or equivalent). When the cookies time out, the API request currently being performed will be redirected to the login servers rather than being fulfilled. In the event of a failed authentication event, a 302 redirect will also be issued, however no ssosession cookie will be set. Additionally the redirect Location header will differ from a successful response
HTTP/1.1 302 Moved Temporarily


If you are having issues obtaining an ssosession cookie for API access, please attempt to login “by hand” using a browser at to ensure that your username and password are valid.