Skip to main content
POST
/
api
/
v2.1
/
customer
/
individual
/
{customerId}
/
users
/
{userId}
/
sessions
Create customer session
curl --request POST \
  --url https://sandbox.finhub.cloud/api/v2.1/customer/individual/{customerId}/users/{userId}/sessions \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: application/json' \
  --header 'User-Agent: <user-agent>' \
  --header 'X-Forwarded-For: <x-forwarded-for>' \
  --header 'X-Forwarded-From: <x-forwarded-from>' \
  --header 'X-Tenant-ID: <x-tenant-id>' \
  --header 'deviceId: <deviceid>' \
  --header 'platform: <platform>' \
  --data '
{
  "username": "marcus.jensen.1773494532320.cmcdd1@mediumrisk-example.com",
  "password": "SecurePass123!",
  "tenantKey": "z6B8H1XAeYSxZbuIlAT1NIRh6Aga",
  "tenantSecret": "zb9anCFp2f2UJNWlGhtB8brsgAca",
  "credentialType": "PASSWORD",
  "value": "marcus.jensen.1773494532320.cmcdd1@mediumrisk-example.com",
  "tenantId": "97e7ff29-15f3-49ef-9681-3bbfcce4f6cd"
}
'
{
  "code": 200,
  "message": "Success",
  "data": {
    "sessionId": "4a511e37-d2d8-4f2f-99ad-92ff5ddea020",
    "userId": "6r1k1hw6npq",
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJiZmYiLCJhdWQiOiJiZmYtY2xpZW50cyIsInN1YiI6IjZyMWsxaHc2bnBxIiwiZXhwIjoxNzY4MzAyMjIyLCJpYXQiOjE3NjgyOTg2MjIsInRlbmFudElkIjoiZDFlMmYzYTQtYjVjNi00N2Q4LTllMGYtMWEyYjNjNGQ1ZTZmIiwiY3VzdG9tZXJJZCI6ImZmNzJhMTk2LTQyNmEtNGFiMy1hMmQzLWU0YzU4M2E5YmM4OCIsInVzZXJJZCI6IjZyMWsxaHc2bnBxIiwidXNlclR5cGUiOiJDT05TVU1FUiIsInJvbGVzIjpbIlVTRVIiXSwianRpIjoiMWZjYjU5YjMtMzhlOS00YWUxLWFhZTUtNmRhMDBkMDE0M2I0In0.yHXQl_MDoxDEMV9l_0iVIzy0bBkCJ3SwS557-mI9er0",
    "refreshToken": "39915084-484f-46e5-bd8d-aaf7366787da-6r1k1hw6npq-cvK_9XDw",
    "expiresAt": "2026-01-14T10:03:42.197811165",
    "success": true,
    "message": "Session created successfully",
    "errorType": "NONE"
  }
}

Individual Sessions API

Create, update, and manage authentication sessions for individual customers.
Base URL: https://sandbox.finhub.cloud

Available Operations

Create

POST - Login

Get

GET - View session

Update

PUT - Refresh

Delete

DELETE - Logout

Create Session

Creates a new authentication session for customer login.

Request

For complete details on authentication, compliance headers, and SDK implementation examples, refer to the Standard HTTP Headers reference documentation.
customerId
string
required
Customer identifier
userId
string
required
User identifier
X-Tenant-ID
string
required
Tenant identifierExample: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd
Content-Type
string
required
Must be application/json
Accept
string
Response format (optional — defaults to application/json)Example: application/json, text/plain, */*
X-Forwarded-From
string
required
Source identifier for request origin trackingExample: e2e-test
User-Agent
string
required
Client application identifier — required by the global request filterExample: YourApp/1.0 or Mozilla/5.0 (Windows NT 10.0; Win64; x64)
platform
string
required
Client platform identifier. Also accepted as sec-ch-ua-platformExample: web
deviceId
string
required
Unique device identifier for session tracking. Also accepted as X-Device-Id or device-idExample: 356938035643809
sec-ch-ua-platform
string
Browser client hint for OS platform (accepted alias for platform)Example: "Windows"

Request Body

username
string
required
Customer username or emailExample: marcus.jensen@example.com
password
string
required
Customer password
Never log or expose passwords in client-side code
tenantKey
string
required
Your tenant API keyExample: cvK_9XDw5g_Y_8aUtRQgPyX4aTBbObtain from Admin Portal → API Settings
tenantSecret
string
required
Your tenant API secret
Keep this secret secure! Never expose in client-side code.

Code Examples

curl -X POST "https://sandbox.finhub.cloud/api/v2.1/customer/individual/ff72a196-426a-4ab3-a2d3-e4c583a9bc88/users/56305c2b-f13a-48e4-b462-ba55460b2ad9/sessions" \
  -H "Accept: application/json, text/plain, */*" \
  -H "Content-Type: application/json" \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "platform: web" \
  -H "deviceId: 356938035643809" \
  -d '{
    "username": "marcus.jensen@example.com",
    "password": "your_secure_password",
    "tenantKey": "cvK_9XDw5g_Y_8aUtRQgPyX4aTBb",
    "tenantSecret": "your_tenant_secret"
  }'

{
  "code": 200,
  "message": "Success",
  "data": {
    "sessionId": "4a511e37-d2d8-4f2f-99ad-92ff5ddea020",
    "userId": "6r1k1hw6npq",
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJiZmYiLCJhdWQiOiJiZmYtY2xpZW50cyIsInN1YiI6IjZyMWsxaHc2bnBxIiwiZXhwIjoxNzY4MzAyMjIyLCJpYXQiOjE3NjgyOTg2MjIsInRlbmFudElkIjoiZDFlMmYzYTQtYjVjNi00N2Q4LTllMGYtMWEyYjNjNGQ1ZTZmIiwiY3VzdG9tZXJJZCI6ImZmNzJhMTk2LTQyNmEtNGFiMy1hMmQzLWU0YzU4M2E5YmM4OCIsInVzZXJJZCI6IjZyMWsxaHc2bnBxIiwidXNlclR5cGUiOiJDT05TVU1FUiIsInJvbGVzIjpbIlVTRVIiXSwianRpIjoiMWZjYjU5YjMtMzhlOS00YWUxLWFhZTUtNmRhMDBkMDE0M2I0In0.yHXQl_MDoxDEMV9l_0iVIzy0bBkCJ3SwS557-mI9er0",
    "refreshToken": "39915084-484f-46e5-bd8d-aaf7366787da-6r1k1hw6npq-cvK_9XDw",
    "expiresAt": "2026-01-14T10:03:42.197811165",
    "success": true,
    "message": "Session created successfully",
    "errorType": "NONE"
  }
}

Delete Session (Logout)

Terminates an active session, logging the user out.

Code Examples

curl -X DELETE "https://sandbox.finhub.cloud/api/v2.1/customer/individual/cust_12345/users/user_67890/sessions/sess_abc123" \
  -H "Accept: application/json, text/plain, */*" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "X-Tenant-ID: 97e7ff29-15f3-49ef-9681-3bbfcce4f6cd" \
  -H "X-Forwarded-From: e2e-test" \
  -H "platform: web" \
  -H "deviceId: 356938035643809"

{
  "success": true,
  "data": {
    "sessionId": "sess_abc123",
    "status": "TERMINATED",
    "terminatedAt": "2024-01-15T11:00:00Z"
  }
}

Response Codes

CodeDescription
200Session operation successful
201Session created successfully
400Invalid request
401Unauthorized
404Session or customer not found
500Internal server error

API Schema Reference

For the complete OpenAPI schema specification of this endpoint, including all request and response structures, see the API Schema Mapping document.

Standard Headers

Complete HTTP headers reference for compliance

Individual Registration

Register new individual customers

Individual Activation

Activate customer accounts

Verification Management

Complete KYC verification process

Headers

User-Agent
string
required

Browser user agent

Example:

"Mozilla/5.0"

X-Forwarded-For
string
required

Client/application Ip address

Example:

"192.168.0.1"

X-Forwarded-From
string
required

Client/application identifier for request source tracking

Example:

"playground"

X-Tenant-ID
string
required

Tenant identifier

Example:

"97e7ff29-15f3-49ef-9681-3bbfcce4f6cd"

platform
string
required

Client platform identifier. Also accepted as sec-ch-ua-platform

Example:

"web"

deviceId
string
required

Device identifier

Example:

"e2e-test-device"

Authorization
string
required

Bearer token from admin or customer session creation

Example:

"Bearer <token>"

Path Parameters

customerId
string
required

Individual customer identifier (UUID)

Example:

"ff72a196-426a-4ab3-a2d3-e4c583a9bc88"

userId
string
required

User identifier (UUID)

Example:

"56305c2b-f13a-48e4-b462-ba55460b2ad9"

Body

application/json
username
string
required
Example:

"marcus.jensen.1773494532320.cmcdd1@mediumrisk-example.com"

password
string
required
Example:

"SecurePass123!"

tenantKey
string
required
Example:

"z6B8H1XAeYSxZbuIlAT1NIRh6Aga"

tenantSecret
string
required
Example:

"zb9anCFp2f2UJNWlGhtB8brsgAca"

credentialType
string
Example:

"PASSWORD"

value
string
Example:

"marcus.jensen.1773494532320.cmcdd1@mediumrisk-example.com"

tenantId
string
Example:

"97e7ff29-15f3-49ef-9681-3bbfcce4f6cd"

Response

200

OK