To sign in you must POST XML to /user/signin like this
The response (in case of a successful login) is XML with information about the logged-in user.
The example above includes the -i parameter because it outputs the http header. In this header a cookie is sent: silk_sid, it must be used to authenticate the user in subsequent requests.
A browser automatically sends this cookie after a successful login when making subsequent requests, but when using the API with a programming language you may be more explicit in sending this cookie (although you can use a cookie jar on the server, libcurl has this option).
The silk_sid cookie is valid for one year from the last active use or until the user is logged out.
To log out and invalidate the silk_sid cookie.