POST
/
auth-sessions

Authorizations

Authorization
string
headerrequired

Your Conductor secret key using Bearer auth (e.g., "Authorization: Bearer {{YOUR_SECRET_KEY}}").

Body

application/json
publishableKey
string
required

Your Conductor publishable key, which we use to create the session’s authFlowUrl.

endUserId
string
required

The ID of the EndUser for whom to create the IntegrationConnection.

linkExpiryMins
number
default: 30

The number of minutes after which the AuthSession will expire. Must be at least 15 minutes and no more than 7 days. If not provided, defaults to 30 minutes.

redirectUrl
string

The URL to which Conductor will redirect the end-user to return to your app after they complete the authentication flow. If not provided, their browser tab will close instead.

Response

200 - application/json
id
string
required

The unique identifier for this AuthSession.

objectType
string
required

The type of object. This value is always "auth_session".

Allowed value: "auth_session"
createdAt
string
required

The date and time when this AuthSession was created.

endUserId
string
required

The ID of the EndUser for whom to create an IntegrationConnection.

clientSecret
string
required

The secret used in authFlowUrl to securely access the authentication flow.

authFlowUrl
string
required

The URL of the authentication flow that you will pass to your client for your user to set up their IntegrationConnection.

expiresAt
string
required

The date and time when this AuthSession expires. By default, this value is 30 minutes from creation. You can extend this time by setting linkExpiryMins when creating the AuthSession.

redirectUrl
string | null
required

The URL to which Conductor will redirect your user to return to your app after they complete the authentication flow. If null, their browser tab will close instead.

The AuthSession objectRetrieve an AuthSession