Managing your app's user sessions
Sessions facilitate secure interactions between an application and its users and apply to requests and responses associated with that particular user. To authenticate requests, Altogic uses two methods:
- API keys - The API key can be provided in the "Authorization" header of the RESTful API request or as a query parameter in the endpoint path with the name "apikey".
- Session tokens - For endpoints protected through a session, a valid session token needs to be provided in the "Session" header of the RESTful API request.
Altogic has several core nodes to create, update, get and delete sessions. Each session is associated with a user, and when creating a session, you need to provide the user's unique identifier. You can create multiple sessions for a user, assuming that the user can sign in to your application through multiple devices. The session object has the following information that you can use:
- userId - The unique identifier of the user that this session is associated with
- token - Session token that needs to be provided in the request header for endpoints that require a session
- creationDtm - The date and time the session was created
- accessGroupKeys - List of access group keys that are added to the session
- userAgent - Information about the device which has initiated the RESTful API request (device, operating system, etc.)
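
Because the API key may travel in the URL as the "apikey" query parameter, and the session token appears both in the "Session" header and in the session object's token field, request and session records should be scrubbed before they are written to application logs. The following is an added example, not Altogic's own code: the function names, the api.example.test host and all sample values are constructed for illustration, and matching the parameter name case-insensitively is a conservative assumption.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
SENSITIVE_HEADERS = {"authorization", "session"}  # header names given on this page
SENSITIVE_QUERY_PARAMS = {"apikey"}               # query parameter name given on this page
SENSITIVE_SESSION_FIELDS = {"token"}              # session object field given on this page


def redact_url(url):
    """Mask the value of the apikey query parameter and keep the rest of the URL."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [
        (name, REDACTED if name.lower() in SENSITIVE_QUERY_PARAMS else value)
        for name, value in pairs
    ]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def redact_headers(headers):
    """Mask credential headers; HTTP header names are compared case-insensitively."""
    return {
        name: REDACTED if name.lower() in SENSITIVE_HEADERS else value
        for name, value in headers.items()
    }


def redact_session(session):
    """Mask the token of a session object; userId, creationDtm, etc. stay readable."""
    return {
        field: REDACTED if field in SENSITIVE_SESSION_FIELDS else value
        for field, value in session.items()
    }


def loggable_request(method, url, headers):
    """Build a record of a request that is safe to hand to a logger."""
    return {"method": method, "url": redact_url(url), "headers": redact_headers(headers)}


if __name__ == "__main__":
    # Constructed sample request: API key in the query string, session token in a header.
    print(loggable_request(
        "GET",
        "https://api.example.test/orders?apikey=constructed-key-123&page=2",
        {"Session": "constructed-session-token", "Accept": "application/json"},
    ))
    # Constructed sample session object using the field names listed above.
    print(redact_session({"userId": "u-1", "token": "constructed-session-token"}))
```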