Session-Based Authentication

Session-based authentication uses browser cookies to authenticate API requests. This method is primarily intended for Ajax calls in browser-based JavaScript applications that run on the RIPE Atlas website.

How It Works

When a user is logged in to the RIPE Atlas website, their browser holds a session cookie. JavaScript running on the same origin can make API requests that are automatically authenticated using this cookie.

Security

Session-based requests are subject to standard browser security measures:

CSRF protection — Cross-Site Request Forgery tokens are required for state-changing requests
Same-origin policy — requests are restricted to the same origin as the RIPE Atlas website

Limitations

WARNING

The RIPE Atlas website enforces a strict Content Security Policy (CSP). Third-party scripts and cross-origin requests are blocked. Session-based authentication only works for JavaScript running directly on the RIPE Atlas origin — it cannot be used from external sites or browser extensions.

Scope

The detailed implementation of session-based authentication is outside the scope of this manual. For most use cases, API keys are the recommended authentication method.

REST API Manual

Core concepts

Measurements

Creating measurements

Status checks

Probes

Anchors

Credits

Authentication

Keys

Measurement result format

REST API Reference

anchor-measurements

anchors

credits

keys

measurements

participation-requests

probes

Session-Based Authentication

How It Works

Security

Limitations

Scope

Core concepts

Measurements

Creating measurements

Status checks

Probes

Anchors

Credits

Authentication

Keys

anchor-measurements

anchors

credits

keys

measurements

participation-requests

probes

Session-Based Authentication ​

How It Works ​

Security ​

Limitations ​

Scope ​

Session-Based Authentication

How It Works

Security

Limitations

Scope