Starts a Session by Obtaining a Session Token

Using a session token to represent institution and customer metadata

A session token is an encoded JSON Web Token representing the institution and customer metadata relevant to a session.

POST /v2/session/startSession

Important

  1. Session tokens should be cached and reused across requests. The API may return a 401 response, but there will be no special indication that the session has expired. (Note that this is a security best practice.)
  2. It is acceptable for a user to have multiple sessions. It is also acceptable to store the token in a session that is maintained for the end user.
  3. Session tokens expire after one hour.

After requesting a session token, send it in the custom X-CDLX-Session-Token HTTP header on your subsequent API requests.

Example: cURL Request with Session Token in Custom HTTP Header

The following example shows a session token being set as an HTTP header. An X-CDLX-Request-Id header is also being set for debugging and tracing.

% curl -X POST -H 'X-CDLX-Request-Id: 56d5d70e-7fb8-43d3-8331-19bb6930bbdb' -H "X-CDLX-Session-Token: ${token}" https://publisher-uk-fiuat.cardlytics.com/v2/ads/getAds

Session Expiration

When a session expires, you will receive a 401 Session Expired response from Cardlytics. In this case, request a new token by making another /startSession API call.
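
The caching and renewal rules above can be combined in one small client wrapper. The following is an added example, not Cardlytics code: `SessionClient`, `start_session`, `send` and `REFRESH_MARGIN` are hypothetical names, and the transport is passed in because the page does not show the /startSession request body. Because a 401 carries no guaranteed reason, the wrapper renews the token and retries exactly once.

```python
import time
import uuid

TOKEN_TTL = 3600      # from the page: session tokens expire after one hour
REFRESH_MARGIN = 60   # assumption: renew a little early to avoid edge-of-expiry 401s


class SessionClient:
    """Caches one session token; renews it when it is old or a call returns 401."""

    def __init__(self, start_session, send, clock=time.monotonic):
        # start_session() -> token string. Wraps POST /v2/session/startSession;
        #   the page does not show that request body, so the caller supplies it.
        # send(path, headers) -> (status, body). Hypothetical transport hook.
        self._start_session = start_session
        self._send = send
        self._clock = clock
        self._token = None
        self._obtained_at = 0.0

    def _current_token(self, force=False):
        age = self._clock() - self._obtained_at
        if force or self._token is None or age >= TOKEN_TTL - REFRESH_MARGIN:
            self._token = self._start_session()
            self._obtained_at = self._clock()
        return self._token  # bearer credential: keep it out of logs

    def call(self, path):
        status, body = None, None
        for attempt in range(2):
            headers = {
                "X-CDLX-Request-Id": str(uuid.uuid4()),
                # Second attempt only happens after a 401, so force a new token.
                "X-CDLX-Session-Token": self._current_token(force=attempt == 1),
            }
            status, body = self._send(path, headers)
            if status != 401:
                break
        return status, body  # a second 401 is returned, not retried again
```

A second consecutive 401 is handed back to the caller, so a rejected credential or misconfiguration does not turn into a loop of /startSession calls.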