My AirCo is using cloud to get commands, so I took the phone application and mapped the HTTP requests there to commands.

before using the API, I get 401 error to authenticate
And i see that the auth is POST to some page, and I get back JSESSION token I should use for anything else

What method can I use to do what I need ?

normally on a API:

  1. You authenticate against the API and become a session token/ID.
  2. This token you use in each request you will do against API
  3. At last close session

So from your description I think you are unauthenticated and you will redirected to the authentication page. Authenticate take JSESSION token and put them into the header/body (where it is needed for API).
For this you must read the API documentation.

best regards,

I actually trying something else, maybe wrong way.

Should I ask for token and use this indefinitely (Like the phone app) ? or get new token each time ?

Depends on the API. Could be a token only for a session or the same token for a device until you delete it.

best regards,

its the second, the app used same token for days and revoked when i Logged-out