Create a new session

POST /v2beta/sessions

Create a new session. A token will be returned, which is required for further updates of the session.

Request

application/json
application/grpc
application/grpc-web+proto

Body

required

checks

object

"Check for user and password. Successful checks will be stated as factors on the session."

user

object

"checks the user and updates the session on success"

userId string

Possible values: non-empty and <= 200 characters

loginName string

Possible values: non-empty and <= 200 characters

password

object

"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

password string

Possible values: non-empty and <= 200 characters

webAuthN

object

"Checks the public key credential issued by the WebAuthN client. Requires that the user is already checked and a WebAuthN challenge to be requested, in any previous request."

credentialAssertionData objectrequired

Possible values: >= 55 characters and <= 1048576 characters

JSON representation of public key credential issued by the webAuthN client

idpIntent

object

"Checks the IDP intent. Requires that the userlink is already checked and a successful idp intent."

idpIntentId string

Possible values: non-empty and <= 200 characters

ID of the idp intent, previously returned on the success response of the IDP callback

idpIntentToken string

Possible values: non-empty and <= 200 characters

token of the idp intent, previously returned on the success response of the IDP callback

totp

object

"Checks the Time-based One-Time Password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

code string

Possible values: >= 6 characters and <= 6 characters

otpSms

object

"Checks the One-Time Password sent over SMS and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

code string

Possible values: non-empty

otpEmail

object

"Checks the One-Time Password sent over Email and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

code string

Possible values: non-empty

metadata

object

"custom key value list to be stored on the session"

property name* byte

challenges

object

webAuthN

object

domain stringrequired

"Domain on which the session was created. Will be used in the WebAuthN challenge."

userVerificationRequirement stringrequired

Possible values: [USER_VERIFICATION_REQUIREMENT_UNSPECIFIED, USER_VERIFICATION_REQUIREMENT_REQUIRED, USER_VERIFICATION_REQUIREMENT_PREFERRED, USER_VERIFICATION_REQUIREMENT_DISCOURAGED]

Default value: USER_VERIFICATION_REQUIREMENT_UNSPECIFIED

"User verification that is required during validation. When set to USER_VERIFICATION_REQUIREMENT_REQUIRED the behaviour is for passkey authentication. Other values will mean U2F"

otpSms

object

returnCode boolean

otpEmail

object

sendCode

object

urlTemplate string

Possible values: non-empty and <= 200 characters

"Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used."

returnCode object

userAgent

object

fingerprintId string

ip string

description string

header

object

property name*

object

A header may have multiple values. In Go, headers are defined as map[string][]string, but protobuf doesn't allow this scheme.

values string[]

lifetime string

"duration (in seconds) after which the session will be automatically invalidated"

Body

required

checks

object

"Check for user and password. Successful checks will be stated as factors on the session."

user

object

"checks the user and updates the session on success"

userId string

Possible values: non-empty and <= 200 characters

loginName string

Possible values: non-empty and <= 200 characters

password

object

"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

password string

Possible values: non-empty and <= 200 characters

webAuthN

object

"Checks the public key credential issued by the WebAuthN client. Requires that the user is already checked and a WebAuthN challenge to be requested, in any previous request."

credentialAssertionData objectrequired

Possible values: >= 55 characters and <= 1048576 characters

JSON representation of public key credential issued by the webAuthN client

idpIntent

object

"Checks the IDP intent. Requires that the userlink is already checked and a successful idp intent."

idpIntentId string

Possible values: non-empty and <= 200 characters

ID of the idp intent, previously returned on the success response of the IDP callback

idpIntentToken string

Possible values: non-empty and <= 200 characters

token of the idp intent, previously returned on the success response of the IDP callback

totp

object

"Checks the Time-based One-Time Password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

code string

Possible values: >= 6 characters and <= 6 characters

otpSms

object

"Checks the One-Time Password sent over SMS and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

code string

Possible values: non-empty

otpEmail

object

"Checks the One-Time Password sent over Email and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

code string

Possible values: non-empty

metadata

object

"custom key value list to be stored on the session"

property name* byte

challenges

object

webAuthN

object

domain stringrequired

"Domain on which the session was created. Will be used in the WebAuthN challenge."

userVerificationRequirement stringrequired

Possible values: [USER_VERIFICATION_REQUIREMENT_UNSPECIFIED, USER_VERIFICATION_REQUIREMENT_REQUIRED, USER_VERIFICATION_REQUIREMENT_PREFERRED, USER_VERIFICATION_REQUIREMENT_DISCOURAGED]

Default value: USER_VERIFICATION_REQUIREMENT_UNSPECIFIED

"User verification that is required during validation. When set to USER_VERIFICATION_REQUIREMENT_REQUIRED the behaviour is for passkey authentication. Other values will mean U2F"

otpSms

object

returnCode boolean

otpEmail

object

sendCode

object

urlTemplate string

Possible values: non-empty and <= 200 characters

"Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used."

returnCode object

userAgent

object

fingerprintId string

ip string

description string

header

object

property name*

object

A header may have multiple values. In Go, headers are defined as map[string][]string, but protobuf doesn't allow this scheme.

values string[]

lifetime string

"duration (in seconds) after which the session will be automatically invalidated"

Body

required

checks

object

"Check for user and password. Successful checks will be stated as factors on the session."

user

object

"checks the user and updates the session on success"

userId string

Possible values: non-empty and <= 200 characters

loginName string

Possible values: non-empty and <= 200 characters

password

object

"Checks the password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

password string

Possible values: non-empty and <= 200 characters

webAuthN

object

"Checks the public key credential issued by the WebAuthN client. Requires that the user is already checked and a WebAuthN challenge to be requested, in any previous request."

credentialAssertionData objectrequired

Possible values: >= 55 characters and <= 1048576 characters

JSON representation of public key credential issued by the webAuthN client

idpIntent

object

"Checks the IDP intent. Requires that the userlink is already checked and a successful idp intent."

idpIntentId string

Possible values: non-empty and <= 200 characters

ID of the idp intent, previously returned on the success response of the IDP callback

idpIntentToken string

Possible values: non-empty and <= 200 characters

token of the idp intent, previously returned on the success response of the IDP callback

totp

object

"Checks the Time-based One-Time Password and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

code string

Possible values: >= 6 characters and <= 6 characters

otpSms

object

"Checks the One-Time Password sent over SMS and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

code string

Possible values: non-empty

otpEmail

object

"Checks the One-Time Password sent over Email and updates the session on success. Requires that the user is already checked, either in the previous or the same request."

code string

Possible values: non-empty

metadata

object

"custom key value list to be stored on the session"

property name* byte

challenges

object

webAuthN

object

domain stringrequired

"Domain on which the session was created. Will be used in the WebAuthN challenge."

userVerificationRequirement stringrequired

Possible values: [USER_VERIFICATION_REQUIREMENT_UNSPECIFIED, USER_VERIFICATION_REQUIREMENT_REQUIRED, USER_VERIFICATION_REQUIREMENT_PREFERRED, USER_VERIFICATION_REQUIREMENT_DISCOURAGED]

Default value: USER_VERIFICATION_REQUIREMENT_UNSPECIFIED

"User verification that is required during validation. When set to USER_VERIFICATION_REQUIREMENT_REQUIRED the behaviour is for passkey authentication. Other values will mean U2F"

otpSms

object

returnCode boolean

otpEmail

object

sendCode

object

urlTemplate string

Possible values: non-empty and <= 200 characters

"Optionally set a url_template, which will be used in the mail sent by ZITADEL to guide the user to your verification page. If no template is set, the default ZITADEL url will be used."

returnCode object

userAgent

object

fingerprintId string

ip string

description string

header

object

property name*

object

A header may have multiple values. In Go, headers are defined as map[string][]string, but protobuf doesn't allow this scheme.

values string[]

lifetime string

"duration (in seconds) after which the session will be automatically invalidated"

Responses

200
403
404
default

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

resourceOwner resource_owner is the organization or instance_id an object belongs to (string)

sessionId string

"id of the session"

sessionToken string

"The current token of the session, which is required for delete session, get session or the request of other resources."

challenges

object

webAuthN

object

publicKeyCredentialRequestOptions object

Options for Assertion Generaration (dictionary PublicKeyCredentialRequestOptions). Generated helper methods transform the field to JSON, for use in a WebauthN client. See also: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialrequestoptions

otpSms string

otpEmail string

{
  "details": {
    "sequence": "2",
    "changeDate": "2024-06-25T14:04:24.118Z",
    "resourceOwner": "69629023906488334"
  },
  "sessionId": "222430354126975533",
  "sessionToken": "string",
  "challenges": {
    "webAuthN": {
      "publicKeyCredentialRequestOptions": {
        "publicKey": {
          "allowCredentials": [
            {
              "id": "ATmqBg-99qyOZk2zloPdJQyS2R7IkFT7v9Hoos_B_nM",
              "type": "public-key"
            }
          ],
          "challenge": "GAOHYz2jE69kJMYo6Laij8yWw9-dKKgbViNhfuy0StA",
          "rpId": "localhost",
          "timeout": 300000,
          "userVerification": "required"
        }
      }
    },
    "otpSms": "string",
    "otpEmail": "string"
  }
}

Schema
Example (from schema)

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

resourceOwner resource_owner is the organization or instance_id an object belongs to (string)

sessionId string

"id of the session"

sessionToken string

"The current token of the session, which is required for delete session, get session or the request of other resources."

challenges

object

webAuthN

object

publicKeyCredentialRequestOptions object

otpSms string

otpEmail string

{
  "details": {
    "sequence": "2",
    "changeDate": "2024-06-25T14:04:24.119Z",
    "resourceOwner": "69629023906488334"
  },
  "sessionId": "222430354126975533",
  "sessionToken": "string",
  "challenges": {
    "webAuthN": {
      "publicKeyCredentialRequestOptions": {
        "publicKey": {
          "allowCredentials": [
            {
              "id": "ATmqBg-99qyOZk2zloPdJQyS2R7IkFT7v9Hoos_B_nM",
              "type": "public-key"
            }
          ],
          "challenge": "GAOHYz2jE69kJMYo6Laij8yWw9-dKKgbViNhfuy0StA",
          "rpId": "localhost",
          "timeout": 300000,
          "userVerification": "required"
        }
      }
    },
    "otpSms": "string",
    "otpEmail": "string"
  }
}

Schema
Example (from schema)

Schema

details

object

sequence uint64

on read: the sequence of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

changeDate date-time

on read: the timestamp of the last event reduced by the projection

on manipulation: the timestamp of the event(s) added by the manipulation

resourceOwner resource_owner is the organization or instance_id an object belongs to (string)

sessionId string

"id of the session"

sessionToken string

"The current token of the session, which is required for delete session, get session or the request of other resources."

challenges

object

webAuthN

object

publicKeyCredentialRequestOptions object

otpSms string

otpEmail string

{
  "details": {
    "sequence": "2",
    "changeDate": "2024-06-25T14:04:24.119Z",
    "resourceOwner": "69629023906488334"
  },
  "sessionId": "222430354126975533",
  "sessionToken": "string",
  "challenges": {
    "webAuthN": {
      "publicKeyCredentialRequestOptions": {
        "publicKey": {
          "allowCredentials": [
            {
              "id": "ATmqBg-99qyOZk2zloPdJQyS2R7IkFT7v9Hoos_B_nM",
              "type": "public-key"
            }
          ],
          "challenge": "GAOHYz2jE69kJMYo6Laij8yWw9-dKKgbViNhfuy0StA",
          "rpId": "localhost",
          "timeout": 300000,
          "userVerification": "required"
        }
      }
    },
    "otpSms": "string",
    "otpEmail": "string"
  }
}

Returned when the user does not have permission to access the resource.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Returned when the resource does not exist.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

An unexpected error response.

application/json
application/grpc
application/grpc-web+proto

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Schema
Example (from schema)

Schema

code int32

message string

details

object[]

Array [

@type string

]

{
  "code": 0,
  "message": "string",
  "details": [
    {
      "@type": "string"
    }
  ]
}

Create a new session

/v2beta/sessions

Request​

Body

Body

Body

Responses​

Request

Responses