regarding the GoodData Apiary I have example in CURL
1st Step - POST to https://secure.gooddata.com/gdc/account/login:
jirka@x230:~$ curl --include --header "Accept: application/json" --header "Content-Type: application/json" --request POST --data-binary "{\"postUserLogin\":{\"login\":\"jiri.simon@gooddata.com\",\"password\":\"`cat my_pass.txt`\",\"remember\":1}}" "https://secure.gooddata.com/gdc/account/login"
HTTP/1.1 200 OK
X-GDC-REQUEST: 7AEoVKre3lTF8sUV
Server: Apache
Set-Cookie: GDCAuthTT=; path=/gdc; expires=Sat, 07-Sep-2013 22:16:26 GMT; secure; HttpOnly
Set-Cookie: GDCAuthSST=jcftYGCC3u6pkNRK; path=/gdc/account; expires=Wed, 23-Oct-2013 22:16:26 GMT; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-REQUEST-TIME: 69
Content-Type: application/json;charset=UTF-8
Content-Length: 143
Accept-Ranges: bytes
Date: Mon, 07 Oct 2013 22:16:26 GMT
X-Varnish: 2109577795
Age: 0
Via: 1.1 varnish
Connection: keep-alive
{"userLogin":{"profile":"/gdc/account/profile/254c399a3f5131b7026313d4f8761410","state":"/gdc/account/login/254c399a3f5131b7026313d4f8761410"}}
2nd step is to get GDCAuthTT using SST from the response from 1st step:
jirka@x230:~$ curl --include --header "Cookie: $Version=0; GDCAuthSST=jcftYGCC3u6pkNRK; $Path=/gdc/account" --header "Accept: application/json" --header "Content-Type: application/json" https://secure.gooddata.com/gdc/account/tokenHTTP/1.1 200 OK
X-GDC-REQUEST: GqPnYyk3pKAW5eju
Server: Apache
Set-Cookie: GDCAuthTT=h3CUUg72U2SLhL7Tghj_TVnba6byjgj3L78aJkSFuoji_0DiqXGRYY7C1zWDa-2yIa0Aj3-MuVlWPdNSx7N7CDzM7w21Fl6OaMjuF-98bV6cRx34HW-ql6IGt6ufWo_U5fQa2QqU6b-F0MsGE6orDC6ZMt2anJQdATNYsHfELiB7ImwiOiIwIiwidSI6IjE3Mzk4NyIsImsiOiJiZWQyZWU1ZS05YzYxLTRhNWMtOWJlNi05ZTAxZDQ4NjI5NmEiLCJ1aWQiOiIyNTRjMzk5YTNmNTEzMWI3MDI2MzEzZDRmODc2MTQxMCIsInYiOjEzODExODQ4MTZ9; path=/gdc; secure; HttpOnly
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-GDC-TIMESTAMP: 600
X-GDC-REQUEST-TIME: 20
Content-Type: application/json;charset=UTF-8
Content-Length: 2
Accept-Ranges: bytes
Date: Mon, 07 Oct 2013 22:16:56 GMT
X-Varnish: 1661889108
Age: 0
Via: 1.1 varnish
Connection: keep-alive
And then you can use all other calls using your GDCAuthTT, but this GDCAuthTT has validity only 10 minutes and after 10 minutes you'll get 401 and you have to call previous command again for new GDCAuthTT