Configure the session
The Identity Cloud session can be configured via the session policy. The available configurations are:
Configuration | Attribute name | Default value | Value range |
---|---|---|---|
Session feature enablement | deactivated | Active (false) | Active (false) or Deactivated (true) |
Maximum session lifespan if user is inactive (in seconds) | inactivityTTL | 30 Days (2592000) | 1 Minute (60) - 90 Days (7776000) |
Maximum session lifespan regardless of activity (in seconds) | absoluteTTL | 1 Year (31536000) | 1 Day (86400) - 1 Year (31536000) or Forever (-1) |
Configuration endpoint
The session policy is configured via the /config/v3/policies/sessions-default endpoint.
The base URL for this endpoint is the region-specific URL you were given when your Identity Cloud instance was created, and is the same base URL used for other configuration endpoints. Example:
https://v1.api.eu.janrain.com
The full endpoint looks like this (for example):
https://v1.api.eu.janrain.com/config/v3/policies/sessions-default
Request methods & headers
The session policy can be viewed, updated, or reset depending on the HTTP request method used when calling the endpoint. See the table below for details.
I want to… | Endpoint | Method | Minimum required auth scope |
---|---|---|---|
View my session policy | /config/v3/policies/sessions-default | GET | .:config/v3/policies/sessions-default |
Update my session policy | /config/v3/policies/sessions-default | PATCH | +:config/v3/policies/sessions-default |
Reset my session policy to defaults | /config/v3/policies/sessions-default | DELETE | *:config/v3/policies/sessions-default |
Like other Identity Cloud and Hosted Login configuration endpoints, this endpoint uses token-based authentication. This means you must retrieve an administrative access token with adequate scope(s) to pass into the Authorization header. (See the Minimum required auth scope column in the table above for reference.)
To identify your Identity Cloud instance to configure, you must pass your customer ID into the Tenant-ID header.
Required header | Header value |
---|---|
Authorization | Bearer {admin-access-token} |
Tenant-ID | {customer-id} |
All /config/v3 endpoints support passing the customer ID in either the Tenant-ID header or directly in the endpoint path, like this:
https://v1.api.eu.janrain.com/{customer-id}/config/v3/policies/sessions-default
Example API calls
View a session policy
curl --location --request GET 'https://v1.api.eu.janrain.com/config/v3/policies/sessions-default' \
--header 'Tenant-ID: a12bc34d-567e-8f90-gh12-3i45jk678lm9' \
--header 'Authorization: Bearer xk_t4lAQzpjJVTGhpNh2fdhtRsgPUJXaQuYS0KXEiQzttEKNHU7WLpT4eSyxzoDB'
Example success response: 200 OK
{
"deactivated": false,
"updatedAt": "2023-09-14T15:02:17.846682989Z",
"absoluteTTL": 31536000,
"inactivityTTL": 2592000
}
Update a session policy
curl --location --request PATCH 'https://v1.api.eu.janrain.com/config/v3/policies/sessions-default' \
--header 'Tenant-ID: a12bc34d-567e-8f90-gh12-3i45jk678lm9' \
--header 'Authorization: Bearer xk_t4lAQzpjJVTGhpNh2fdhtRsgPUJXaQuYS0KXEiQzttEKNHU7WLpT4eSyxzoDB' \
--header 'Content-Type: application/json' \
--data '{
"absoluteTTL": 7776000
}'
Example success response: 204 No Content (no body)
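A pre-flight check for the update call, added here as an example (it is not part of the Identity Cloud documentation or tooling): it validates TTL values against the ranges in the configuration table before a PATCH body is built. The function names are hypothetical, and the opt-in for Forever (-1), the inactivity-versus-absolute comparison, and sending both attributes in one PATCH body are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate session TTLs against the documented ranges
# before building a PATCH body. Function names are hypothetical.

# True for a plain decimal integer (optional leading "-", max 10 digits).
is_int() {
  n=${1#-}
  case "$n" in ''|*[!0-9]*|0?*) return 1 ;; esac
  [ "${#n}" -le 10 ]
}

# Usage: check_session_policy <inactivityTTL> <absoluteTTL> [yes]
# The third argument must be "yes" to accept absoluteTTL -1 (Forever).
check_session_policy() {
  inactivity=$1; absolute=$2; allow_forever=${3:-no}
  is_int "$inactivity" && is_int "$absolute" || {
    echo "TTL values must be integers (seconds)" >&2; return 1; }
  # Documented range for inactivityTTL: 60 to 7776000.
  if [ "$inactivity" -lt 60 ] || [ "$inactivity" -gt 7776000 ]; then
    echo "inactivityTTL $inactivity is outside 60-7776000" >&2; return 1
  fi
  if [ "$absolute" -eq -1 ]; then
    # Local policy (assumption): a session that never expires is opt-in.
    [ "$allow_forever" = yes ] || {
      echo "absoluteTTL -1 (Forever) not explicitly allowed" >&2; return 1; }
  elif [ "$absolute" -lt 86400 ] || [ "$absolute" -gt 31536000 ]; then
    # Documented range for absoluteTTL: 86400 to 31536000, or -1.
    echo "absoluteTTL $absolute is outside 86400-31536000" >&2; return 1
  elif [ "$inactivity" -gt "$absolute" ]; then
    # Local sanity check (assumption): the absolute limit would always
    # expire first, so the inactivity limit could never take effect.
    echo "inactivityTTL exceeds absoluteTTL" >&2; return 1
  fi
  return 0
}

# Prints the JSON body for the PATCH call, or fails without output.
# Assumes both attributes can be sent in one PATCH request.
session_patch_body() {
  check_session_policy "$@" || return 1
  printf '{"inactivityTTL":%s,"absoluteTTL":%s}\n' "$1" "$2"
}

# body=$(session_patch_body 900 86400) && curl --request PATCH \
#   'https://v1.api.eu.janrain.com/config/v3/policies/sessions-default' \
#   --header 'Tenant-ID: {customer-id}' \
#   --header 'Authorization: Bearer {admin-access-token}' \
#   --header 'Content-Type: application/json' --data "$body"
```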
Reset a session policy to default values
curl --location --request DELETE 'https://v1.api.eu.janrain.com/config/v3/policies/sessions-default' \
--header 'Tenant-ID: a12bc34d-567e-8f90-gh12-3i45jk678lm9' \
--header 'Authorization: Bearer xk_t4lAQzpjJVTGhpNh2fdhtRsgPUJXaQuYS0KXEiQzttEKNHU7WLpT4eSyxzoDB'
Example success response: 204 No Content (no body)