Javascript-API - Session endpoint
Target audience: Developers
Warning
Please note: We do not recommend that you implement SSO using this system. This system will be obsolete in the future.
Please implement Single Sign-On using Single Sign-On v2 (SSO2), read more here.
Introduction
This section describes the Payway Javascript API Session endpoint.
This is intended for users whose implementation dont leverage the standard JS API implementation.
URI
Environment |
URI |
Stage |
https://payway-api.stage.adeprimo.se/js/v2/session |
Production |
https://backend.worldoftulo.com/js/v2/session |
Requirements
- Origin header. This is set automatically during CORS requests by the browser.
- Allowed origin configured for API user in PAP.
Parameters
Field |
Required |
Type |
Description |
Origin |
Required |
Header |
Origin header. This is set automatically during CORS requests by the browser |
client_id |
Required |
String |
The client id for the API user |
client_fields |
Optional |
String |
Comma separated |
fields |
Optional |
String |
Comma separated |
Response
Example response
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 | {
"iat": 1589878574,
"nbf": 1589878274,
"exp": 1589878874,
"iss": "Tulo",
"aud": "http://testing.com/",
"prn": "5ec39f2e09c04c1e779905e9",
"session": {
"active": true,
"verified": false,
"sid": "id",
"id": "5ec39f2e09c04c1e779905e9",
"contact_email": "N/A",
"display_name": "N/A",
"has_offers": false
},
"signature": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODk4Nzg1NzQsIm5iZiI6MTU4OTg3ODI3NCwiZXhwIjoxNTg5ODc4ODc0LCJpc3MiOiJUdWxvIiwiYXVkIjoiaHR0cDovL3Rlc3RpbmcuY29tLyIsInBybiI6IjVlYzM5ZjJlMDljMDRjMWU3Nzk5MDVlOSIsInNlc3Npb24iOnsiYWN0aXZlIjp0cnVlLCJ2ZXJpZmllZCI6ZmFsc2UsInNpZCI6ImlkIiwiaWQiOiI1ZWMzOWYyZTA5YzA0YzFlNzc5OTA1ZTkiLCJjb250YWN0X2VtYWlsIjoiTi9BIiwiZGlzcGxheV9uYW1lIjoiTi9BIiwiaGFzX29mZmVycyI6ZmFsc2V9fQ.AjbZjF31Dz44g131NO647OKctNks3uJvruChuG0fPlI"
}
|
Errors
Origin not allowed
| {
"status": "error",
"message": "Forbidden"
}
|
Origin not set
| {
"status": "error",
"code": "required_field",
"field": "HTTP_ORIGIN",
"message": "HTTP_ORIGIN required"
}
|