Start Session

Using a session token to represent institution and customer metadata

A session token is an encoded JSON Web Token that contains the institution and customer metadata relevant to a session.

POST /v2/session/startSession

Request

PropertyTypeRequiredDescription
sourceCustomerIdstringYesUnique identifier for the customer.
x-source-organization-idstringNoID for the net-new user, which will be used to create and associate the user with the organization.
x-source-portfolio-idstringNoPortfolio ID to use when creating and associating the user with the organization.

Example Request

{
  "clientId": "{your_client_id}",
  "clientSecret": "{your_client_secret}",
  "sourceCustomerId": "{source_customer_id}",
  "x-source-organization-id": "{organization_id}",
  "x-source-portfolio-id": "{portfolio_id}"
}

x-source-organization-id, and x-source-portfolio-id are optional.

Response

PropertyTypeDescription
sessionTokenstringSession token to use for Cardlytics API requests.

Session Expiration

By default, session tokens are valid for 15 minutes. Developer should cache the token and use the JWT exp claim to determine when the cached token expires.

After the token expires, request a new token by calling /v2/session/startSession again. If an expired token is used, Cardlytics returns a 401 Session Expired response.

Error Messages

When startSession is called for a user who does not have an associated account, Cardlytics returns the following error:

Status CodeError Message
400User has no accounts