When you log in to the appliance using the login-sessions REST API, a session ID is returned. You use the session ID in all subsequent REST API operations in the auth header. The session ID is valid for 24 hours.