Javascript-API - Session endpoint

Target audience: Developers

Warning

Please note: We do not recommend that you implement SSO using this system. This system will be obsolete in the future. Please implement Single Sign-On using Single Sign-On v2 (SSO2), read more here.

Introduction

This section describes the Payway Javascript API Session endpoint. It is intended for users whose implementation does not use the standard JS API implementation.

URI

| Environment | URI |
|-------------|-----|
| Stage | https://payway-api.stage.adeprimo.se/js/v2/session |
| Production | https://backend.worldoftulo.com/js/v2/session |

Requirements

  • Origin header. This is set automatically during CORS requests by the browser.
  • Allowed origin configured for API user in PAP.

Parameters

| Field | Required | Type | Description |
|-------|----------|------|-------------|
| Origin | Required | Header | Origin header. This is set automatically during CORS requests by the browser |
| client_id | Required | String | The client id for the API user |
| client_fields | Optional | String | Comma separated |
| fields | Optional | String | Comma separated |

Response

Example response

{
    "iat": 1589878574,
    "nbf": 1589878274,
    "exp": 1589878874,
    "iss": "Tulo",
    "aud": "http://testing.com/",
    "prn": "5ec39f2e09c04c1e779905e9",
    "session": {
      "active": true,
      "verified": false,
      "sid": "id",
      "id": "5ec39f2e09c04c1e779905e9",
      "contact_email": "N/A",
      "display_name": "N/A",
      "has_offers": false
    },
    "signature": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODk4Nzg1NzQsIm5iZiI6MTU4OTg3ODI3NCwiZXhwIjoxNTg5ODc4ODc0LCJpc3MiOiJUdWxvIiwiYXVkIjoiaHR0cDovL3Rlc3RpbmcuY29tLyIsInBybiI6IjVlYzM5ZjJlMDljMDRjMWU3Nzk5MDVlOSIsInNlc3Npb24iOnsiYWN0aXZlIjp0cnVlLCJ2ZXJpZmllZCI6ZmFsc2UsInNpZCI6ImlkIiwiaWQiOiI1ZWMzOWYyZTA5YzA0YzFlNzc5OTA1ZTkiLCJjb250YWN0X2VtYWlsIjoiTi9BIiwiZGlzcGxheV9uYW1lIjoiTi9BIiwiaGFzX29mZmVycyI6ZmFsc2V9fQ.AjbZjF31Dz44g131NO647OKctNks3uJvruChuG0fPlI"
}
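
The `signature` field in the example response is a compact JWT whose header declares HS256. The following is an added example, not part of the Payway documentation, of how a backend could verify that token and its `iss`, `aud`, `nbf` and `exp` claims in Node.js; the shared secret, the function names `verifySessionSignature` and `signSample`, and comparing `aud` against a caller-supplied value are assumptions.

```javascript
// Added example (not Payway code): verify the "signature" JWT from the session response.
const crypto = require('node:crypto');

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// secret, expectedAud and nowSec come from the caller (assumptions, not documented on the page).
function verifySessionSignature(token, secret, expectedAud, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = b64urlJson(head);
    claims = b64urlJson(body);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm instead of trusting the token header (rejects "none" and other values).
  if (header.alg !== 'HS256') return { ok: false, reason: 'bad_alg' };
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  if (claims.iss !== 'Tulo') return { ok: false, reason: 'bad_iss' };
  if (claims.aud !== expectedAud) return { ok: false, reason: 'bad_aud' };
  if (typeof claims.nbf !== 'number' || nowSec < claims.nbf) return { ok: false, reason: 'not_yet_valid' };
  if (typeof claims.exp !== 'number' || nowSec >= claims.exp) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Builds a constructed sample token for local testing; the key and claim values are made up.
function signSample(claims, secret, alg = 'HS256') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ typ: 'JWT', alg })}.${enc(claims)}`;
  return `${input}.${crypto.createHmac('sha256', secret).update(input).digest('base64url')}`;
}
```

An HS256 key can create tokens as well as verify them, so this check belongs in server-side code and the key must not be shipped to the browser.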

Errors

Origin not allowed
{
  "status": "error",
  "message": "Forbidden"
}
Origin not set
{
  "status": "error",
  "code": "required_field",
  "field": "HTTP_ORIGIN",
  "message": "HTTP_ORIGIN required"
}