Authentication, Authorization and Security

SessionM APIs operate with state-of-the-art authentication, authorization and security features. The APIs are accessible to engineering and services professionals via server-to-server communication protocols, which allow the platform to unify user actions for improved reporting. The HTTP basic authorization protocol is available for server-to-server communication supporting registered users; it requires the application API key as the username and a base64-encoded application secret as the password.

The following is a sample request made with a curl command:

Example Request

curl --location --request POST \
'https://api-tenant1.ent-sessionm.com/priv/v1/apps/{{apikey}}/users' \
--header 'Authorization: Basic {{base64 encoded output of apikey:apisecret}}' \
--header 'Content-Type: application/json' \
--data-raw '{"user":{"email":"foo@bar.com"}}'

Server-to-Server

Server-to-server communications can use either HTTP basic or HTTP bearer authorization protocols. For the basic protocol, each request must contain an API key and server-to-server API secret supplied by the SessionM Platform; for the bearer protocol, each request must contain an authorization token in an HTTP header. All requests must be made over HTTPS.

As an additional security measure, API access sits behind a basic authentication layer and can additionally be IP-restricted to meet a specific client's security requirements. These credentials are always required for server-to-server communication with the SessionM Platform.

To begin using any server-to-server API, the client must first request an API key and server-to-server API secret issued by the SessionM Platform. For more information, see Before You Begin.
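
The basic-protocol request and the HTTPS requirement described above, as an added shell example (not SessionM's own code): it builds the `Authorization` value from the API key and secret, refuses a non-HTTPS base URL, and hands the header to curl on stdin so the credential stays out of the process list. The `SESSIONM_*` environment variable names and the helper function names are assumptions; the endpoint path and default body are the ones in the sample request.

```shell
#!/bin/sh
# Added example; the SESSIONM_* variable names and helper names are assumptions.

# Print base64("key:secret") on one line, as the Basic scheme expects.
basic_credential() {
  # printf rather than echo: echo's trailing newline would be encoded into the
  # credential. tr removes the 76-column wrapping that GNU base64 applies.
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Succeed only for https:// URLs, since all requests must be made over HTTPS.
require_https() {
  case "$1" in
    https://*) return 0 ;;
    *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
  esac
}

# POST a JSON body ($1, default: the page's sample body) to the users endpoint.
# Runs in a subshell so the variables below do not leak into the caller.
create_user() (
  base_url=${SESSIONM_BASE_URL:?set SESSIONM_BASE_URL}
  key=${SESSIONM_API_KEY:?set SESSIONM_API_KEY}
  secret=${SESSIONM_API_SECRET:?set SESSIONM_API_SECRET}
  body=${1:-}
  [ -n "$body" ] || body='{"user":{"email":"foo@bar.com"}}'
  require_https "$base_url" || exit 1
  # The Authorization header goes to curl as a config line on stdin, so the
  # credential is not visible in the argument list shown by ps.
  printf 'header = "Authorization: Basic %s"\n' \
    "$(basic_credential "$key" "$secret")" |
    curl --config - --fail --silent --show-error --proto '=https' \
      --request POST "$base_url/priv/v1/apps/$key/users" \
      --header 'Content-Type: application/json' \
      --data-raw "$body"
)
```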