logout?

Response to a request login
{"token":"GOP59p3iWMYaxmbdOd4g5fn5bWbamPydQPfNDGq1 rvE=","product":"myAppKey","status":"SUCCESS","err or":""}


Response to a request logout
{"token":"GOP59p3iWMYaxmbdOd4g5fn5bWbamPydQPfNDGq1 rvE","product":"myAppKey","status":"SUCCESS","erro r":""}

The only difference is in the sign "=" at the end of the token.
Does this mean that the output of place?

When HTTP request has HTTP header that asks JSON reply, then Betfair replies with JSON but not HTML.

Accept: application/json

Do not misunderstand. What do you mean?

"By the way, WHY does betfair want me to upload the PRIVATE key?"

That's a good question, and I wondered the same when I read something somewhere along the lines... do not share your private key with anyone!!

Like most people I'm an SSL ignoramus, using it every day but mostly in ignorance of how it really works.

I used to think if communications were two way and traffic must be encrypted, then both parties need the means to decrypt, it's not good enough for one party to have both public and private keys, and the other to only have the public key (that is only good for encrypting). However it is possible to do this because the client with only the public key can dynamically create a key and pass it securely to the other client.

I've just read up on it and am still none the wiser, one day I may actually understand it.

Perhaps Betfair require the private key as a further means to authenticate users.

"By the way, WHY does betfair want me to upload the PRIVATE key?"

to answer myself,
http://en.wikipedia.org/wiki/Public-key_cryptography

That is THEY need to decrypt what I encrypt.
So I encrynpt with a public key, and BF decryft my message with MY private key.
Got It.

BUT, POST()ing - using the interactive login - is much simpler.
Why have two ways ?
/Björn