Managing sessions in the FinHub API Production Environment
| Component | Description | Usage |
|---|---|---|
| userSessionToken | JWT token for user session validation | Used for session validation and contains user identity claims |
| refreshToken | Token used to obtain a new session token without re-authentication | Used when the session token expires |
| customerId | Unique identifier for the customer | Reference in customer-related operations |
| tenantId | Identifier for the tenant | Used for multi-tenant operations |

| Header | Description | Required | Example |
|---|---|---|---|
| Authorization | Bearer token for authentication | Yes | Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... |
| X-Activity-ID | UUID that identifies a specific user activity or flow | Yes | 550e8400-e29b-41d4-a716-446655440000 |
| X-Tenant-ID | Tenant identifier for multi-tenant operations | Yes | 1234567 |
| X-Request-ID | Unique identifier for each request for traceability | Yes | 123e4567-e89b-12d3-a456-426614174000 |
| X-Session-ID | Session identifier for session tracking | Yes | session-12345678 |
| X-Correlation-ID | Identifier for request correlation across services | Yes | corr-12345678 |

| Platform | Recommended Storage | Implementation |
|---|---|---|
| Web Browser | HttpOnly cookies with SameSite=Strict | Use a secure cookie library with proper flags |
| Mobile Apps | Secure Keychain (iOS), Keystore (Android) | Use platform-specific secure storage APIs |
| Server-side | Hardware Security Module (HSM) | Use HSM integration for token storage |

| Feature | Integration | Production |
|---|---|---|
| Token Expiration | Standard (3600s) | Shorter (1800s) |
| Required Headers | Basic set | Comprehensive set |
| Session Monitoring | Basic | Enterprise-grade |
| Concurrent Sessions | Unlimited | Limited and monitored |
| Session Anomaly Detection | Limited | Comprehensive |
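As an added example (not FinHub's own code), a server-side check in Python that enforces the required-header table and the environment-specific token lifetime cap (3600s integration, 1800s production) on an incoming request. The `tenantId` claim name, the numeric `X-Tenant-ID` check and the `make_test_token` builder are assumptions for illustration; JWT signature verification is assumed to happen before this step.

```python
import base64
import json
import re

# Caps follow the Integration (3600s) / Production (1800s) table; header names are the documented ones.
MAX_TOKEN_LIFETIME = {"integration": 3600, "production": 1800}
REQUIRED_HEADERS = ["Authorization", "X-Activity-ID", "X-Tenant-ID",
                    "X-Request-ID", "X-Session-ID", "X-Correlation-ID"]
UUID_HEADERS = ("X-Activity-ID", "X-Request-ID")
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def decode_jwt_claims(token: str) -> dict:
    """Decode the JWT payload; signature verification is assumed to happen before this step."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def make_test_token(claims: dict) -> str:
    """Constructed, unsigned JWT for local tests only; the signature part is a placeholder."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{b64({'alg': 'HS256', 'typ': 'JWT'})}.{b64(claims)}.placeholder-signature"


def validate_request(headers: dict[str, str], env: str, now: int) -> list[str]:
    """Return the problems found; an empty list means the request passes the session checks."""
    problems = [f"missing header {h}" for h in REQUIRED_HEADERS if not headers.get(h)]
    problems += [f"{h} is not a UUID" for h in UUID_HEADERS
                 if headers.get(h) and not UUID_RE.match(headers[h])]
    if headers.get("X-Tenant-ID") and not headers["X-Tenant-ID"].isdigit():
        problems.append("X-Tenant-ID must be numeric")
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return problems + ["Authorization must carry a Bearer token"]
    try:
        claims = decode_jwt_claims(auth[len("Bearer "):])
    except ValueError as exc:  # also covers bad base64 and bad JSON
        return problems + [str(exc)]
    exp, iat = claims.get("exp"), claims.get("iat")
    if exp is None or iat is None:
        problems.append("token lacks exp/iat claims")
    elif exp <= now:
        problems.append("session token expired; client must use refreshToken")
    elif exp - iat > MAX_TOKEN_LIFETIME[env]:
        problems.append(f"token lifetime exceeds {env} cap of {MAX_TOKEN_LIFETIME[env]}s")
    # 'tenantId' is an assumed claim name: the page says the token carries identity claims but names none.
    if "tenantId" in claims and str(claims["tenantId"]) != headers.get("X-Tenant-ID"):
        problems.append("X-Tenant-ID does not match token tenantId claim")
    return problems
```

A token minted with the integration lifetime is rejected in production even when it has not yet expired, which is the check that makes the shorter production cap enforceable rather than advisory.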