If you want Case Sensitive Passwords in your space, set the profile setting 469 to Y.  Note: If you are using a PasswordHash, then this setting is ignored.  
  You can limit the number of sessions for the one Logon (UserName) via profile setting 470. 0 [default] can reuse the same Logon, 1 = Multiple Sessions on the one IP (eg can logon using Chrome / FireFox on the one PC), 2 = Only one session, 3 = Only one session per space.  
  This method can only be called over https. If you try over http, ErrorCode 6 will be returned  
  Logon Text  
  Password Text  
 or Passwordhash Text

Depending on the User's AuthentificationLevel, this needs to be a MD5 hash of Logon + password + AuthentificationToken + AuthentificationPIN

Highly recommended as stops the password being exposed in client side debuggers etc.  Mandatory if the user's authentification level is 'Logon Token' or 'Logon Token and PIN Token'

MD5 javascript function available at /jscripts/md5-min.js

  passwordstatus OK or EXPIRED
  sid Session Id
  user User Id
  status OK or ER