Server Side API

Verify Session

Available For: All Plans

Verifies the user's Just Sign In session. If valid, it returns details about the user and the session.

Only call the API from your secure backend server environment.
Never call this from a client such as Web or Mobile.
URL: https://www.justsignin.com/api/v1/server/getSession
Protocol: HTTPS
Method: POST
Header: Content-Type: application/json; charset=utf-8

Request Body

The request body is a JSON object sent as the body of the HTTPS POST. It should include the following parameters.

appId (String, Required): The ID of your Just Sign In website configured in the dashboard.

appSecret (String, Required): One of the App Secrets you created for the website referenced by the appId.

sessionId (String, Required): The user's Just Sign In session id. Just Sign In stores this in a cookie named "jsis" for your server side code to retrieve. You can also find this within the user's browser by calling "jsi.getSession()".

Example JSON POST Body (with pretend example values)
{
  "appId": "131889432817531002",
  "appSecret": "FCGAYPQP73U47ASKOWRPIOP7DPIY",
  "sessionId": "111770523408422991"
}

Responses

200 - Success

A successful call will return details about the session and the user in a JSON object.

HTTP 200 JSON Response
{
  "session": {
    "id": "111770523408422991",
    "expiresUTC": "2023-03-12T11:27:53Z",
    "user": {
      "id": "103580417282062244",
      "email": "johndoe999@gmail.com",
      "firstName": "John",
      "lastName": "Doe",
      "fullName": "John Doe"
    }
  }
}

401 - Invalid Session ID

For security purposes, when you pass an invalid sessionId the API will respond with an HTTP 401 Access Denied code. This is the same error you would receive if you passed an invalid appId or appSecret.

HTTP 401 JSON Response
{
  "error": "Access Denied!"
}
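
The following backend-side sketch is an added example, not Just Sign In's own code. It reads the "jsis" cookie, calls the endpoint above, and fails closed on a 401 or on any response that does not look like the documented 200 body. The function names, the injectable `post` and `now` parameters, the id-echo check and the local expiry check are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request
from datetime import datetime, timezone
from http.cookies import CookieError, SimpleCookie

API_URL = "https://www.justsignin.com/api/v1/server/getSession"

def https_post(url, payload):
    """Default transport: POST JSON, return (status_code, parsed_body_or_None)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json; charset=utf-8"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 401 and other error statuses
        return err.code, None

def session_id_from_cookie(cookie_header):
    """Pull the "jsis" cookie value out of a raw Cookie request header."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None
    return jar["jsis"].value if "jsis" in jar else None

def verify_session(cookie_header, app_id, app_secret, post=https_post, now=None):
    """Return the user dict for a valid session, otherwise None (fail closed)."""
    session_id = session_id_from_cookie(cookie_header)
    if not session_id:
        return None  # no cookie: skip the API call entirely
    status, body = post(API_URL, {"appId": app_id, "appSecret": app_secret,
                                  "sessionId": session_id})
    if status != 200 or not isinstance(body, dict):
        return None  # 401 covers a bad sessionId, appId or appSecret alike
    session = body.get("session")
    # Assumption from the page's example: the response echoes the session id.
    if not isinstance(session, dict) or session.get("id") != session_id:
        return None
    try:  # Added defensive check: re-validate expiresUTC locally.
        expires = datetime.strptime(session["expiresUTC"], "%Y-%m-%dT%H:%M:%SZ")
    except (KeyError, TypeError, ValueError):
        return None
    if expires.replace(tzinfo=timezone.utc) <= (now or datetime.now(timezone.utc)):
        return None
    return session.get("user")
```

Load the appSecret from server-side configuration (an environment variable or secret store) rather than source code, and keep it out of logs; network failures in `https_post` propagate as exceptions so the caller can tell an outage from a rejected session.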