Create Session

Create a new session with initial checks, metadata and challenges for further verification. A token will be returned, which is required for using the session as authentication, e.g. when authenticating an OIDC auth request or SAML request. Additionally, the session token can be used as OAuth2 access token to authenticate against the Zitadel APIs.

Required permissions:

session.write

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

checks?

metadata?

Custom key value list to be stored on the session.

challenges?

userAgent?

lifetime?|

Duration after which the session will be automatically invalidated. If not set, the session will not expire automatically and must be deleted manually. Note that an expired session cannot be used for authentication anymore, but will still be listed until it is deleted.

Response Body

`application/json`

curl -X POST "https://loading/v2/sessions" \  -H "Content-Type: application/json" \  -d '{}'

{
  "details": {
    "sequence": 0,
    "changeDate": "2023-01-15T01:30:15.01Z",
    "resourceOwner": "string",
    "creationDate": "2023-01-15T01:30:15.01Z"
  },
  "sessionId": "string",
  "sessionToken": "string",
  "challenges": {
    "webAuthN": {
      "publicKeyCredentialRequestOptions": {
        "property1": {},
        "property2": {}
      }
    },
    "otpSms": "string",
    "otpEmail": "string"
  }
}

Request Body

Response Body

200application/json

`application/json`