Question
Do I need to use the cpsess##### security token when making API calls?
Answer
Only cookie-based API calls, such as calls from a web browser, require the cpsess token. If you are making an API token-based call, remove the cpsess portion of the URL. Below is an example of the suspendacct API call in the proper format:
https://hostname.example.com:2087/json-api/suspendacct?api.version=1&user=username&reason=Nonpayment&leave-ftp-accts-enabled=0