Create a new session​
Create a new session. A token will be returned, which is required for further updates of the session.
Request Body required
checks object
"Check for user and password. Successful checks will be stated as factors on the session."
user object
"checks the user and updates the session on success"
Possible values: non-empty
and <= 200 characters
Possible values: non-empty
and <= 200 characters
password object
"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: non-empty
and <= 200 characters
webAuthN object
"Checks the public key credential issued by the WebAuthN client. Requires that the user is already checked and a WebAuthN challenge to be requested, in any previous request."
Possible values: >= 55 characters
and <= 1048576 characters
JSON representation of public key credential issued by the webAuthN client
idpIntent object
"Checks the IDP intent. Requires that the userlink is already checked and a successful idp intent."
Possible values: non-empty
and <= 200 characters
ID of the idp intent, previously returned on the success response of the IDP callback
Possible values: non-empty
and <= 200 characters
token of the idp intent, previously returned on the success response of the IDP callback
totp object
"Checks the Time-based One-Time Password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: >= 6 characters
and <= 6 characters
otpSms object
"Checks the One-Time Password sent over SMS and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: non-empty
otpEmail object
"Checks the One-Time Password sent over Email and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: non-empty
metadata object
"custom key value list to be stored on the session"
challenges object
webAuthN object
"Domain on which the session was created. Will be used in the WebAuthN challenge."
Possible values: [USER_VERIFICATION_REQUIREMENT_UNSPECIFIED
, USER_VERIFICATION_REQUIREMENT_REQUIRED
, USER_VERIFICATION_REQUIREMENT_PREFERRED
, USER_VERIFICATION_REQUIREMENT_DISCOURAGED
]
Default value: USER_VERIFICATION_REQUIREMENT_UNSPECIFIED
"User verification that is required during validation. When set to USER_VERIFICATION_REQUIREMENT_REQUIRED
the behaviour is for passkey authentication. Other values will mean U2F"
otpSms object
otpEmail object
sendCode object
Possible values: non-empty
and <= 200 characters
"Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used."
userAgent object
header object
property name* object
A header may have multiple values. In Go, headers are defined as map[string][]string, but protobuf doesn't allow this scheme.
"duration (in seconds) after which the session will be automatically invalidated"
Request Body required
checks object
"Check for user and password. Successful checks will be stated as factors on the session."
user object
"checks the user and updates the session on success"
Possible values: non-empty
and <= 200 characters
Possible values: non-empty
and <= 200 characters
password object
"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: non-empty
and <= 200 characters
webAuthN object
"Checks the public key credential issued by the WebAuthN client. Requires that the user is already checked and a WebAuthN challenge to be requested, in any previous request."
Possible values: >= 55 characters
and <= 1048576 characters
JSON representation of public key credential issued by the webAuthN client
idpIntent object
"Checks the IDP intent. Requires that the userlink is already checked and a successful idp intent."
Possible values: non-empty
and <= 200 characters
ID of the idp intent, previously returned on the success response of the IDP callback
Possible values: non-empty
and <= 200 characters
token of the idp intent, previously returned on the success response of the IDP callback
totp object
"Checks the Time-based One-Time Password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: >= 6 characters
and <= 6 characters
otpSms object
"Checks the One-Time Password sent over SMS and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: non-empty
otpEmail object
"Checks the One-Time Password sent over Email and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: non-empty
metadata object
"custom key value list to be stored on the session"
challenges object
webAuthN object
"Domain on which the session was created. Will be used in the WebAuthN challenge."
Possible values: [USER_VERIFICATION_REQUIREMENT_UNSPECIFIED
, USER_VERIFICATION_REQUIREMENT_REQUIRED
, USER_VERIFICATION_REQUIREMENT_PREFERRED
, USER_VERIFICATION_REQUIREMENT_DISCOURAGED
]
Default value: USER_VERIFICATION_REQUIREMENT_UNSPECIFIED
"User verification that is required during validation. When set to USER_VERIFICATION_REQUIREMENT_REQUIRED
the behaviour is for passkey authentication. Other values will mean U2F"
otpSms object
otpEmail object
sendCode object
Possible values: non-empty
and <= 200 characters
"Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used."
userAgent object
header object
property name* object
A header may have multiple values. In Go, headers are defined as map[string][]string, but protobuf doesn't allow this scheme.
"duration (in seconds) after which the session will be automatically invalidated"
Request Body required
checks object
"Check for user and password. Successful checks will be stated as factors on the session."
user object
"checks the user and updates the session on success"
Possible values: non-empty
and <= 200 characters
Possible values: non-empty
and <= 200 characters
password object
"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: non-empty
and <= 200 characters
webAuthN object
"Checks the public key credential issued by the WebAuthN client. Requires that the user is already checked and a WebAuthN challenge to be requested, in any previous request."
Possible values: >= 55 characters
and <= 1048576 characters
JSON representation of public key credential issued by the webAuthN client
idpIntent object
"Checks the IDP intent. Requires that the userlink is already checked and a successful idp intent."
Possible values: non-empty
and <= 200 characters
ID of the idp intent, previously returned on the success response of the IDP callback
Possible values: non-empty
and <= 200 characters
token of the idp intent, previously returned on the success response of the IDP callback
totp object
"Checks the Time-based One-Time Password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: >= 6 characters
and <= 6 characters
otpSms object
"Checks the One-Time Password sent over SMS and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: non-empty
otpEmail object
"Checks the One-Time Password sent over Email and updates the session on success. Requires that the user is already checked, either in the previous or the same request."
Possible values: non-empty
metadata object
"custom key value list to be stored on the session"
challenges object
webAuthN object
"Domain on which the session was created. Will be used in the WebAuthN challenge."
Possible values: [USER_VERIFICATION_REQUIREMENT_UNSPECIFIED
, USER_VERIFICATION_REQUIREMENT_REQUIRED
, USER_VERIFICATION_REQUIREMENT_PREFERRED
, USER_VERIFICATION_REQUIREMENT_DISCOURAGED
]
Default value: USER_VERIFICATION_REQUIREMENT_UNSPECIFIED
"User verification that is required during validation. When set to USER_VERIFICATION_REQUIREMENT_REQUIRED
the behaviour is for passkey authentication. Other values will mean U2F"
otpSms object
otpEmail object
sendCode object
Possible values: non-empty
and <= 200 characters
"Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used."
userAgent object
header object
property name* object
A header may have multiple values. In Go, headers are defined as map[string][]string, but protobuf doesn't allow this scheme.
"duration (in seconds) after which the session will be automatically invalidated"
- 200
- 403
- 404
- default
OK
Schema
details object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
"id of the session"
"The current token of the session, which is required for delete session, get session or the request of other resources."
challenges object
webAuthN object
Options for Assertion Generaration (dictionary PublicKeyCredentialRequestOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrequestoptions
{
"details": {
"sequence": "2",
"changeDate": "2024-06-13T06:44:35.602Z",
"resourceOwner": "69629023906488334"
},
"sessionId": "222430354126975533",
"sessionToken": "string",
"challenges": {
"webAuthN": {
"publicKeyCredentialRequestOptions": {
"publicKey": {
"allowCredentials": [
{
"id": "ATmqBg-99qyOZk2zloPdJQyS2R7IkFT7v9Hoos_B_nM",
"type": "public-key"
}
],
"challenge": "GAOHYz2jE69kJMYo6Laij8yWw9-dKKgbViNhfuy0StA",
"rpId": "localhost",
"timeout": 300000,
"userVerification": "required"
}
}
},
"otpSms": "string",
"otpEmail": "string"
}
}
Schema
details object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
"id of the session"
"The current token of the session, which is required for delete session, get session or the request of other resources."
challenges object
webAuthN object
Options for Assertion Generaration (dictionary PublicKeyCredentialRequestOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrequestoptions
{
"details": {
"sequence": "2",
"changeDate": "2024-06-13T06:44:35.603Z",
"resourceOwner": "69629023906488334"
},
"sessionId": "222430354126975533",
"sessionToken": "string",
"challenges": {
"webAuthN": {
"publicKeyCredentialRequestOptions": {
"publicKey": {
"allowCredentials": [
{
"id": "ATmqBg-99qyOZk2zloPdJQyS2R7IkFT7v9Hoos_B_nM",
"type": "public-key"
}
],
"challenge": "GAOHYz2jE69kJMYo6Laij8yWw9-dKKgbViNhfuy0StA",
"rpId": "localhost",
"timeout": 300000,
"userVerification": "required"
}
}
},
"otpSms": "string",
"otpEmail": "string"
}
}
Schema
details object
on read: the sequence of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
on read: the timestamp of the last event reduced by the projection
on manipulation: the timestamp of the event(s) added by the manipulation
"id of the session"
"The current token of the session, which is required for delete session, get session or the request of other resources."
challenges object
webAuthN object
Options for Assertion Generaration (dictionary PublicKeyCredentialRequestOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrequestoptions
{
"details": {
"sequence": "2",
"changeDate": "2024-06-13T06:44:35.603Z",
"resourceOwner": "69629023906488334"
},
"sessionId": "222430354126975533",
"sessionToken": "string",
"challenges": {
"webAuthN": {
"publicKeyCredentialRequestOptions": {
"publicKey": {
"allowCredentials": [
{
"id": "ATmqBg-99qyOZk2zloPdJQyS2R7IkFT7v9Hoos_B_nM",
"type": "public-key"
}
],
"challenge": "GAOHYz2jE69kJMYo6Laij8yWw9-dKKgbViNhfuy0StA",
"rpId": "localhost",
"timeout": 300000,
"userVerification": "required"
}
}
},
"otpSms": "string",
"otpEmail": "string"
}
}
Returned when the user does not have permission to access the resource.
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Returned when the resource does not exist.
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
An unexpected error response.
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}
Schema
- Array [
- ]
details object[]
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
}