Last modified January 21, 2019 by Shelly Wolfe

Session token

Swrve allows for a session token that is a hash of your API key in the calls you make. All API calls to <app_id> are authenticated using a session token of the form app_id=user_id=timestamp=md5hash. Note that API calls to do not use a session token, but instead simply use the API key. The fields in a session token are as follows:

  • app_id: The ID assigned to your app by Swrve.
  • user_id: The unique ID used to track the user in Swrve.
  • timestamp: The time the user’s current session began, represented as seconds since the epoch. A session token cannot be used for more than 48 hours.
  • md5hash: This is an md5 hash of the string formed by concatenating the user_id, timestamp, and api_key.

The session token is only required for batch API calls. Every other API call has the option of using the session token or the api_key and user parameters. The iOS and Unity SDKs automatically create a session token for you based on the api_key, app_id and user_id you supply.

This article references Swrve’s URLs for all data and content stored in both our US and EU data centers. Click the relevant tab based on your app configuration. For more information, see How do I configure the Swrve SDK for EU data storage?

Using the session token

To use the session token, first create it. The following is sample PHP code to generate a session token:

The following is sample Java code to generate a session token:

Once you have created the session token, replace the api_key and user parameters with session_token.

API Key and user example



Session token example