Last modified December 18, 2020 by Shelly Wolfe

Session token

Swrve allows for a session token that is a hash of your API key in the calls you make. All API calls to <app_id>.api.swrve.com are authenticated using a session token of the form app_id=user_id=timestamp=md5hash. Note that API calls to abtest.swrve.com/api/1 do not use a session token, but instead simply use the API key. The fields in a session token are as follows:

  • app_id: The ID assigned to your app by Swrve.
  • user_id: The unique ID used to track the user in Swrve.
  • timestamp: The time the user’s current session began, represented as seconds since the epoch. A session token cannot be used for more than 48 hours.
  • md5hash: This is an md5 hash of the string formed by concatenating the user_id, timestamp, and api_key.

The session token is only required for batch API calls. Every other API call has the option of using the session token or the api_key and user parameters. The iOS and Unity SDKs automatically create a session token for you based on the api_key, app_id and user_id you supply.

This article references Swrve’s URLs for all data and content stored in both our US and EU data centers. Click the relevant tab based on your app configuration. For more information, see How do I configure the Swrve SDK for EU data storage?

Using the session token

To use the session token, first create it. The following is sample PHP code to generate a session token:

function session_token($user_id) {
  $api_key = "Vlyyusz3VXpVDDD0XHRD";
  $app_id = "2";
  $seconds_since_epoch = time();
  $md5_hash = md5($user_id . $seconds_since_epoch . $api_key);
  return "$app_id=$user_id=$seconds_since_epoch=$md5_hash";
}

The following is sample Java code to generate a session token:

private static String generateSessionToken(String apiKey, int appId, String userId)
        throws NoSuchAlgorithmException, UnsupportedEncodingException {

    String timestamp = Long.toString((new Date().getTime()) / 1000);

    byte[] bytesOfMessage = (userId + timestamp + apiKey).getBytes("UTF-8");
    MessageDigest md5 = MessageDigest.getInstance("MD5");
    byte[] hash = md5.digest(bytesOfMessage);

    StringBuilder hexDigest = new StringBuilder();
    for (int i = 0; i < hash.length; i++) {
        if ((0xFF & hash[i]) < 0x10) {
            hexDigest.append("0");
        }
        hexDigest.append(Integer.toHexString(0xFF & hash[i]));
    }
    return String.format("%d=%s=%s=%s", appId, userId, timestamp, hexDigest.toString());

Once you have created the session token, replace the api_key and user parameters with session_token.

API key and user example

US

curl -d "api_key=" -d "user_id=" -d "swrve_payload=
{"referrer":"somesite.com","paid":false}" 
https://<app_id>.api.swrve.com/1/session_start

EU

curl -d "api_key=" -d "user_id=" -d "swrve_payload=
{"referrer":"somesite.com","paid":false}" 
https://<app_id>.eu-api.swrve.com/1/session_start

Session token example

US

curl -d "session_token=" -d "swrve_payload=
{"referrer":"somesite.com","paid":false}" 
https://<app_id>.api.swrve.com/1/session_start

EU

curl -d "session_token=" -d "swrve_payload=
{"referrer":"somesite.com","paid":false}" 
https://<app_id>.eu-api.swrve.com/1/session_start