Managing sessions in the FinHub API Integration Environment

Component | Description | Usage |
---|---|---|
userSessionToken | JWT token for user session validation | Used for session validation and contains user identity claims |
refreshToken | Token used to obtain a new session token without re-authentication | Used when the session token expires |
customerId | Unique identifier for the customer | Reference in customer-related operations |
tenantId | Identifier for the tenant | Used for multi-tenant operations |

Header | Description | Required | Example |
---|---|---|---|
Authorization | Bearer token for authentication | Yes | Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... |
X-Activity-ID | UUID that identifies a specific user activity or flow | Yes | 550e8400-e29b-41d4-a716-446655440000 |
X-Tenant-ID | Tenant identifier for multi-tenant operations | Yes | 1234567 |
X-Session-ID | Optional session identifier for session tracking | No | session-12345678 |
X-Correlation-ID | Optional identifier for request correlation | No | corr-12345678 |

Platform | Recommended Storage | Not Recommended |
---|---|---|
Web Browser | HttpOnly cookies, Session Storage | Local Storage, JavaScript variables |
Mobile Apps | Secure Keychain (iOS), Keystore (Android) | SharedPreferences, UserDefaults |
Server-side | Encrypted database, Redis | Environment variables, config files |

Feature | Playground | Integration |
---|---|---|
Token Expiration | Longer (10000s) | Standard (3600s) |
Refresh Token | Not provided | Provided |
Session Headers | Basic | Comprehensive |
Security Requirements | Lenient | Strict |
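
An added example, not part of the FinHub documentation: a Python client helper that assembles the request headers from the table above, decides from the session token's expiry when the refresh token is needed, and masks the bearer token for logging. The function names, the 60-second skew, the presence of a standard `exp` claim in the JWT and the sample token are assumptions made for illustration.

```python
import base64
import json
import time
import uuid

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sample_token(exp: int) -> str:
    """Constructed JWT-shaped token with a dummy signature, for the demo only."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"sub": "customer-demo", "exp": exp}).encode())
    return f"{head}.{body}.{_b64url(b'constructed-signature')}"

def needs_refresh(token, now=None, skew=60):
    """Read exp from the payload. No signature check: a scheduling hint, the server still decides."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    exp = json.loads(base64.urlsafe_b64decode(padded)).get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return True  # no usable expiry (assumed claim missing): fail closed and refresh
    now = time.time() if now is None else now
    return now >= exp - skew

def build_headers(token, tenant_id, activity_id=None, session_id=None, correlation_id=None):
    """Assemble the table's headers; checks the activity UUID and rejects empty or CR/LF values."""
    headers = {
        "Authorization": f"Bearer {token}",
        "X-Activity-ID": str(uuid.UUID(activity_id)) if activity_id else str(uuid.uuid4()),
        "X-Tenant-ID": str(tenant_id),
    }
    if session_id:
        headers["X-Session-ID"] = session_id
    if correlation_id:
        headers["X-Correlation-ID"] = correlation_id
    for name, value in headers.items():
        if not value.strip() or "\r" in value or "\n" in value:
            raise ValueError(f"invalid value for {name}")
    return headers

def redact(headers: dict) -> dict:
    """Copy of the headers that is safe to log: the bearer token is masked."""
    return {**headers, "Authorization": "Bearer <redacted>"}

if __name__ == "__main__":
    tok = sample_token(int(time.time()) + 3600)  # Integration lifetime from the table
    print(needs_refresh(tok), redact(build_headers(tok, "1234567")))
```
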