Using a session token to represent institution and customer metadata
A session token is an encoded JSON Web Token that contains the institution and customer metadata relevant to a session.
POST /v2/session/startSessionRequest
| Property | Type | Required | Description |
|---|---|---|---|
sourceCustomerId | string | Yes | Unique identifier for the customer. |
x-source-organization-id | string | No | ID for the net-new user, which will be used to create and associate the user with the organization. |
x-source-portfolio-id | string | No | Portfolio ID to use when creating and associating the user with the organization. |
Example Request
{
"clientId": "{your_client_id}",
"clientSecret": "{your_client_secret}",
"sourceCustomerId": "{source_customer_id}",
"x-source-organization-id": "{organization_id}",
"x-source-portfolio-id": "{portfolio_id}"
}
x-source-organization-id, andx-source-portfolio-idare optional.
Response
| Property | Type | Description |
|---|---|---|
sessionToken | string | Session token to use for Cardlytics API requests. |
Session Expiration
By default, session tokens are valid for 15 minutes. Developer should cache the token and use the JWT exp claim to determine when the cached token expires.
After the token expires, request a new token by calling /v2/session/startSession again. If an expired token is used, Cardlytics returns a 401 Session Expired response.
Error Messages
When startSession is called for a user who does not have an associated account, Cardlytics returns the following error:
| Status Code | Error Message |
|---|---|
400 | User has no accounts |