Skip to main content
POST
/
v1
/
sessions
/
token
Mint a runtime session token
curl --request POST \
  --url https://api.alakazam.gg/v1/sessions/token \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "worldId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "playerIdentity": "<string>",
  "origin": "<string>",
  "ttlSeconds": 300
}
'
{
  "token": "<string>",
  "expiresIn": 123,
  "worldId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "slug": "<string>",
  "jti": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
}

Authorizations

Authorization
string
header
required

An app API key, e.g. Authorization: Bearer sk_live_…. Secret (sk_) for writes/sessions; publishable (pk_) for read/embed.

Body

application/json
worldId
string<uuid>
required
playerIdentity
string

Your stable id for the end-user.

origin
string

The embedding origin; binds the token's aud and CSP frame-ancestors.

ttlSeconds
integer
default:300
Required range: 60 <= x <= 3600

Response

A session token

token
string

Short-lived signed token for the embed SDK.

expiresIn
integer

Seconds until expiry.

worldId
string<uuid>
slug
string | null
jti
string<uuid>