The only API call that returns a ticket as a cookie is the API_Authenticate call. So if you want to do several API calls one after another you either have to supply a username and password for each call or you can start with the API_Authenticate call and it will return a ticket as a cookie. If your browser or programmatic web client accepts cookies then you will be logged in until the cookie expires. QuickBase tickets expire in about 12 hours. You can supply the API_Authenticate call with a parameter called "hours" that sets the ticket lifetime. Setting "hours" on the API_Authenticate call to 0 uses the default expiration of about 12 hours. If don't want your ticket to ever expire, then you can set it to a large value like 876000, which is 100 years.

If you would like to construct a link that logs users in and performs another QuickBase operation you can supply the rdr parameter for the API_Authenticate call to invoke another API call. For example if you wanted to do API_GenResultsTable on a database that did not have anonymous view privileges, you could construct the following URL:

https://www.quickbase.com/db/main?act=API_Authenticate&username=fred&pas...

The URL contained in the rdr parameter looks a little strange because it's URL encoded. Specifically the following characters are encoded:

& becomes %26
= becomes %3D
? becomes %3F
^ becomes %5E

caret (^) is used instead of ampersand (&) in XSL URLs. See the following FAQ for more information.

http://quickbase.intuit.com/developer/node/1955

One word of caution. Any registered QuickBase user that's signed in under their own account will be signed out of their account and signed in under the account contained in the URL when they click on the URL.