> ## Documentation Index
> Fetch the complete documentation index at: https://docs.forestreet.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Get session ID
>
Create new session using a valid API key, which will return a JWT token in the response.
This allows API users to create a timed session from the backend, before passing the resultant
JWT token to an unauthenticated frontend application. This prevents any risks of the API key
being exposed to the frontend application.
See also [the `PUT /v2/auth/session` endpoint](/api-reference/endpoints/auth/set-session-cookies).
## OpenAPI
````yaml get /v2/auth/session
openapi: 3.0.0
info:
title: Forestreet API
version: 1.0.0
description: API documentation for Forestreet API
servers:
- url: https://rest.forestreet.com
description: Forestreet API V2 server
security:
- apiKeyAuth: []
- bearerAuth: []
- sessionIdQuery: []
tags: []
paths:
/v2/auth/session:
get:
tags:
- Auth
summary: Get session ID
description: |2-
Create new session using a valid API key, which will return a JWT token in the response.
This allows API users to create a timed session from the backend, before passing the resultant
JWT token to an unauthenticated frontend application. This prevents any risks of the API key
being exposed to the frontend application.
See also [the `PUT /v2/auth/session` endpoint](/api-reference/endpoints/auth/set-session-cookies).
parameters:
- schema:
type: string
minLength: 1
description: API key for authentication.
required: true
description: API key for authentication.
name: x-api-key
in: header
responses:
'200':
description: Session created successfully
content:
application/json:
schema:
type: object
properties:
message:
type: string
description: Message from the server.
accessToken:
type: string
pattern: ^[A-Za-z0-9-_]+(?:\.[A-Za-z0-9-_]+)+$
description: Access token for the user.
refreshToken:
type: string
pattern: ^[A-Za-z0-9-_]+(?:\.[A-Za-z0-9-_]+)+$
description: Refresh token for the user.
expiresIn:
type: number
description: Expires duration for the access token.
expiresAt:
type: number
description: Expires timestamp for the access token.
required:
- message
- accessToken
- refreshToken
- expiresIn
- expiresAt
'400':
description: Bad Request - Invalid input
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
enum:
- false
errorCode:
type: string
enum:
- USER_NOT_CONFIRMED
- INVALID_CREDENTIALS
- INCOMPLETE_CREDENTIALS
- INVALID_SESSION_TOKEN
- FORCE_CHANGE_PASSWORD
- PASSWORD_RESET_REQUIRED
- PASSWORD_EXPIRED
- CODE_EXPIRED
- SESSION_EXPIRED
- UNAUTHORISED
- AUTHENTICATOR_ERROR
- SSO_ACCOUNT
- FORBIDDEN
- METHOD_NOT_ALLOWED
- INVALID_INPUT
- PATH_VALIDATION_FAILED
- QUERY_VALIDATION_FAILED
- BODY_VALIDATION_FAILED
- RESPONSE_VALIDATION_FAILED
- INVALID_OR_MALFORMED_JSON
- INTERNAL_SERVER_ERROR
- CONFIGURATION_ERROR
- SERVICE_UNAVAILABLE
- NOT_FOUND
- CONFLICT
- LIMIT_EXCEEDED
- REVIEW_ALREADY_PENDING
- REVIEW_NOT_PENDING
- REVIEW_PENDING
- REVIEW_INSUFFICIENT_DOMAINS
- QUOTA_EXCEEDED
- UNSUPPORTED_ENDPOINT_VERSION
- ENDPOINT_NOT_FOUND
- ENDPOINT_ALREADY_EXISTS
message:
type: string
detail:
type: object
additionalProperties:
nullable: true
required:
- success
- errorCode
examples:
INVALID_INPUT:
value:
success: false
errorCode: INVALID_INPUT
message: Bad Request - Invalid input
'401':
description: Unauthorized - Invalid credentials, token or cookies
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
enum:
- false
errorCode:
type: string
enum:
- USER_NOT_CONFIRMED
- INVALID_CREDENTIALS
- INCOMPLETE_CREDENTIALS
- INVALID_SESSION_TOKEN
- FORCE_CHANGE_PASSWORD
- PASSWORD_RESET_REQUIRED
- PASSWORD_EXPIRED
- CODE_EXPIRED
- SESSION_EXPIRED
- UNAUTHORISED
- AUTHENTICATOR_ERROR
- SSO_ACCOUNT
- FORBIDDEN
- METHOD_NOT_ALLOWED
- INVALID_INPUT
- PATH_VALIDATION_FAILED
- QUERY_VALIDATION_FAILED
- BODY_VALIDATION_FAILED
- RESPONSE_VALIDATION_FAILED
- INVALID_OR_MALFORMED_JSON
- INTERNAL_SERVER_ERROR
- CONFIGURATION_ERROR
- SERVICE_UNAVAILABLE
- NOT_FOUND
- CONFLICT
- LIMIT_EXCEEDED
- REVIEW_ALREADY_PENDING
- REVIEW_NOT_PENDING
- REVIEW_PENDING
- REVIEW_INSUFFICIENT_DOMAINS
- QUOTA_EXCEEDED
- UNSUPPORTED_ENDPOINT_VERSION
- ENDPOINT_NOT_FOUND
- ENDPOINT_ALREADY_EXISTS
message:
type: string
detail:
type: object
additionalProperties:
nullable: true
required:
- success
- errorCode
examples:
UNAUTHORISED:
value:
success: false
errorCode: UNAUTHORISED
message: Unauthorized - Invalid credentials, token or cookies
components:
securitySchemes:
apiKeyAuth:
type: apiKey
in: header
name: x-api-key
description: >-
Pass a static API key for every request, provided by your customer
support.
bearerAuth:
type: http
scheme: bearer
description: >-
Bearer token authentication, using a sessionId generated by `GET
/v2/auth/session`.
sessionIdQuery:
type: apiKey
in: query
name: sessionId
description: >-
Session ID passed as a query parameter for authentication, provided by
`GET /v2/auth/session`.
````