Turnkey sessions allow a user to take multiple, contiguous actions in a defined period of time.
get
or list
) requires an organizationId
parameter. Populate that field with the sub-organization’s ID in order to get its data.
X-Session
header, gives permission to perform reads. Note that because this is an activity performed by an end-user, it requires authentication (e.g. via passkey).
If you’d like to do this via our SDK abstractions, you can leverage the login1 method, which creates a CreateReadOnlySession
activity under the hood. It stores the resulting session string in Local Storage2, and subsequent requests to fetch data from Turnkey injects the session stored here at call time3 within @turnkey/sdk-browser
.
crypto.subtle.generateKey()
IndexedDBStamper
that simplify authentication flowsIndexedDbClient
for full end-to-end authentication flows.
How can I refresh a session?
refreshSession
abstraction will create a brand new session and automatically store the resulting new session in local storage.How can I delete a session?
How long are sessions?
expirationSeconds
parameter. The default length is 900 seconds (15 minutes).How many session keys can be active at once?
invalidateExisting
parameter for all _LOGIN
activities. This will clear all existing session keys.Can I use the same sessions implementation for web and mobile?