Skip to main content
POST
/
v1
/
api
/
sdk
/
session
Register an SDK session
curl --request POST \
  --url http://service.authmatech.com/v1/api/sdk/session \
  --header 'Content-Type: application/json' \
  --header 'X-API-KEY: <api-key>' \
  --header 'X-CLIENT-ID: <x-client-id>' \
  --data '
{
  "sdkSessionId": "<string>",
  "mnoId": "<string>",
  "authmatechCodePresent": true,
  "authmatechCodeHash": "<string>",
  "deviceContext": {
    "deviceIdHash": "<string>",
    "installationIdHash": "<string>",
    "platform": "<string>",
    "osVersion": "<string>",
    "appVersion": "<string>",
    "deviceModel": "<string>",
    "manufacturer": "<string>",
    "sdkVersion": "<string>",
    "userAgent": "<string>"
  }
}
'
{}
Called by the Authmatech Web SDK and mobile SDKs after a successful header-enrichment call. It stores hashed device context linked to the identity token and returns an sdkSessionId that ties later Verify, Shield, and Detect calls to this device.
This endpoint authenticates with the narrow-scoped X-SDK-TOKEN header (plus X-CLIENT-ID) — not your server API key. It is the only endpoint the SDK token can call. The client’s IP address is captured server-side and is never accepted from the request body.
In normal integrations you don’t call this directly — the SDK does. Document here for reference and advanced flows.

Authorizations

X-API-KEY
string
header
required

Headers

X-CLIENT-ID
string
required

Body

application/json
sdkSessionId
string
mnoId
string
authmatechCodePresent
boolean
authmatechCodeHash
string
deviceContext
object

Response

200 - */*

OK

The response is of type object.