All API requests are initiated post successful Customer login. Customer is required to login everytime a session is inactive for more than 30 Minutes

For Customer Login, the user's Email ID, Password and DOB need to be encrypted and sent

For encyption, we use AES 256 with transformation mode as "AES/CBC/PKCS5Padding"

The key and IV will be provided along with the API keys

A cookie would be generated on login, which needs to be passed with every API for session authentication