Sessions resource (Shop API 19.3)

Summary

HTTP Method: POST
Resource: /sessions
Description: Exchanges a JWT token into a new session. If the given token is valid, creates a new session, which is associated with the authenticated or anonymous customer. All Set-Cookie headers for handling the session are applied on the response.

Once you have created a session from a JWT token, you can use this session and stateless OCAPI calls using the JWT in parallel; there is no need to call the bridging resource again.

When a session ID is sent with the request, the specified session is ignored; only the incoming JWT token is used to create a new session.

Exchange JWT token

Exchanges a JWT token into a new session. If the given token is valid, creates a new session, which is associated with the authenticated or anonymous customer. All Set-Cookie headers for handling the session are applied on the response.

Once you have created a session from a JWT token, you can use this session and stateless OCAPI calls using the JWT in parallel; there is no need to call the bridging resource again.

When a session ID is sent with the request, the specified session is ignored; only the incoming JWT token is used to create a new session.

Url

POST https://hostname:port/dw/shop/v19_3/sessions

Formats

json, xml

Authentication

Name: JWT
Description: Authentication via Customer JWT token.

Sample

REQUEST:
POST /dw/shop/v19_3/sessions HTTP/1.1
Host: example.com
Authorization: Bearer eyJfdiI6IjXXXXXX.eyJfdiI6IjEiLCJleHAXXXXXXX.-d5wQW4c4O4wt-Zkl7_fiEiALW1XXXX
Content-Length: 0

# in case of success:

RESPONSE:
HTTP/1.1 204 NO CONTENT
Set-Cookie: dwsecuretoken_a85a5236a2e852d714eb6f1585efb61c=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT;
Set-Cookie: dwsid=eXv5R3FZGI4BBfbK1Opk5s1mJ-41Aw7ZuaMKxeye5xa16fJMX--AnNkXsvmakbi1UZSzP1zoPmUILgoom1_jKg==;
Set-Cookie: dwanonymous_a85a5236a2e852d714eb6f1585efb61c=bdjalnzmfrkJ0FtYliwud5db67; Max-Age=15552000;
Cache-Control: max-age=0,no-cache,no-store,must-revalidate

# in case the access token is invalid:

RESPONSE:
HTTP/1.1 401 UNAUTHORIZED
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Content-Type: application/json;charset=UTF-8
Cache-Control: max-age=0,no-cache,no-store,must-revalidate
{
  "_v":"19.3",
  "_type":"fault",
  "fault":{
    "type":"InvalidAccessTokenException",
    "message":"Unauthorized request. Access token is invalid."
  }
}
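The client side of the exchange above, as an added example that is not part of the OCAPI documentation or any Salesforce SDK: it builds the bridging request, and on the response either raises on the 401 fault body or returns the session cookies a client must replay, dropping cookies the server clears (the dwsecuretoken reset to an empty value with a 1970 Expires). The header and body samples are constructed from the page's sample; the function names are assumptions.

```python
import json
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed from the sample exchange above ("Set-Cookie :" spacing normalised)
SAMPLE_OK_HEADERS = [
    ("Set-Cookie", 'dwsecuretoken_a85a5236a2e852d714eb6f1585efb61c=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT;'),
    ("Set-Cookie", "dwsid=eXv5R3FZGI4BBfbK1Opk5s1mJ-41Aw7ZuaMKxeye5xa16fJMX--AnNkXsvmakbi1UZSzP1zoPmUILgoom1_jKg==;"),
    ("Set-Cookie", "dwanonymous_a85a5236a2e852d714eb6f1585efb61c=bdjalnzmfrkJ0FtYliwud5db67; Max-Age=15552000;"),
    ("Cache-Control", "max-age=0,no-cache,no-store,must-revalidate"),
]
SAMPLE_FAULT_BODY = ('{"_v":"19.3","_type":"fault","fault":{"type":"InvalidAccessTokenException",'
                     '"message":"Unauthorized request. Access token is invalid."}}')

class InvalidAccessToken(Exception):
    """The bridging endpoint rejected the JWT (HTTP 401 with a fault body)."""

def build_bridge_request(host: str, jwt: str) -> str:
    # Raw request for the exchange: the JWT travels in the Bearer header, the body is empty.
    return (f"POST /dw/shop/v19_3/sessions HTTP/1.1\r\nHost: {host}\r\n"
            f"Authorization: Bearer {jwt}\r\nContent-Length: 0\r\n\r\n")

def parse_bridge_response(status: int, headers: list, body: str) -> dict:
    """Return the cookies to replay on later session-based calls (hypothetical helper).
    Cleared cookies (empty value, or Expires/Max-Age already in the past) are dropped.
    The remaining dwsid/dwanonymous values are credentials equivalent to the JWT: never log them."""
    if status == 401:
        fault = json.loads(body).get("fault", {})
        raise InvalidAccessToken(f"{fault.get('type')}: {fault.get('message')}")
    if status != 204:
        raise RuntimeError(f"unexpected status {status} from /sessions")
    now = datetime.now(timezone.utc)
    jar = {}
    for name, value in headers:
        if name.strip().lower() != "set-cookie":
            continue
        cookie = SimpleCookie()
        cookie.load(value)  # parses name=value plus Expires/Max-Age attributes
        for key, morsel in cookie.items():
            cleared = morsel.value == ""
            if morsel["max-age"] and int(morsel["max-age"]) <= 0:
                cleared = True
            if morsel["expires"] and parsedate_to_datetime(morsel["expires"]) <= now:
                cleared = True
            if cleared:
                jar.pop(key, None)  # e.g. dwsecuretoken_... reset to "" in 1970
            else:
                jar[key] = morsel.value
    return jar
```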