Skip to main content

Phase 2: Session Management

Session management handles user authentication and maintains user state across API calls using JWT tokens.

Overview


Create Session (Login)

Endpoint: POST /api/v2.1/customer/individual/{customerId}/users/{userId}/sessionsPath Parameters:
  • customerId: Customer UUID from registration
  • userId: User UUID from registration
Request Body:

JWT Token Structure

Decoded Token

Token Claims


Using the JWT Token

Include the token in all subsequent API calls:
Token Expiry: Tokens expire after 1 hour. Use the refresh token to obtain a new access token before expiry.

Delete Session (Logout)

Endpoint: DELETE /api/v2.1/customer/individual/{customerId}/users/{userId}/sessions/{sessionId}Headers:

Session Security

Lockout Policy

Session Metadata Captured

  • Client IP address
  • User agent string
  • Platform information
  • Creation timestamp
  • Last activity timestamp

Next Step

After creating a session, proceed to Phase 3: Verification to complete KYC verification.

Phase 3: Verification

Submit identity documents for KYC verification