/
Contact usSee pricingStart building
    Overview
    Changelog

    Pre-built UI

    StytchB2B
      Configuration
      Callbacks
    Admin Portal
      SSO
      Org Settings
      Member Management
      SCIM
    B2BIdentityProviderBeta
      Configuration
      UI Callbacks

    Headless

    Organizations
      Get Organization
      Get Organization by Slug
      Update Organization
      Delete Organization
    Members
      Get Member
      Create Member
      Update Member
      Search Members
      Delete Member
      Reactivate Member
      Delete Member Password
      Delete Member MFA Phone Number
      Delete Member MFA TOTP
      Unlink Retired Member Email
      Update Self
      Delete Self Password
      Delete Self MFA Phone Number
      Delete Self MFA TOTP
      Unlink Retired Self Email
      Update Member (Deprecated)
      Delete Member MFA Phone Number (Deprecated)
    RBAC
      Is Authorized
      Permissions
    Email Magic Links
      Login or Signup
      Invite
      Authenticate
      Send Discovery Email
      Authenticate Discovery Magic Link
    Email One-time Passcodes (OTPs)
      Login or Signup
      Authenticate OTP
      Send Discovery Email OTP
      Authenticate Discovery Email OTP
    OAuth
      Start OAuth Flow
      Google One Tap
      Authenticate
      Start Discovery OAuth Flow
      Discovery Authenticate
    Session Management
      Get Session
      Authenticate Session
      Revoke Session
      Update Session
      Exchange Session
      Get Tokens
      Revoke Sessions for Member
    SSO
      Start SSO Flow
      Authenticate
      Get SSO Connections
      Discover SSO Connections
      Delete SSO Connection
      Create SAML Connection
      Update SAML Connection
      Update SAML Connection by Metadata URL
      Delete Verification Certificate
      Create OIDC Connection
      Update OIDC Connection
      Create External Connection
      Update External Connection
    Discovery
      List Discovered Organizations
      Create Organization via Discovery
      Exchange Intermediate Session
    Passwords
      Authenticate
      Reset by Email Start
      Reset by Email
      Reset by Existing Password
      Reset by Session
      Strength Check
    • Discovery

      • Authenticate
        Reset by Email Start
        Reset by Email
    SCIM
      Create SCIM Connection
      Update SCIM Connection
      Delete SCIM Connection
      Get SCIM Connection
      SCIM Token Rotation Start
      SCIM Token Rotation Complete
      SCIM Token Rotation Cancel
      Get SCIM Connection Groups
    Multi-Factor Authentication
    • One-Time Passcodes

      • SMS Send
        SMS Authenticate
    • Time-Based One-Time Passcodes

      • TOTP Create
        TOTP Authenticate
    • Recovery Codes

      • Recovery Codes Recover
        Rotate Recovery Codes
        Get Recovery Codes
    Impersonation
      Authenticate

    More Resources

    Cookies & session management
    SWR & caching
    TypeScript
Get support on SlackVisit our developer forum

Contact us

B2B Saas Authentication

/

Frontend SDKs

/

Headless

/

Session Management

/

Exchange Session

Exchange session

Wraps Stytch's Exchange Session endpoint and exchanges the member's current session for a session in the specified Organization.

If this method succeeds and the Member is not required to complete MFA, the Member will be logged in, granted an active session, and the session cookies will be minted and stored in the browser.

If this method succeeds and MFA is required, the intermediate session token will be stored in the browser as a cookie.

You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchMemberSession hook if you are using React.


Method parameters


organization_id* string

session_duration_minutes* int

locale string

Response fields


request_id string

status_code int

member_id string

session_jwt string

session_token string

intermediate_session_token string

member_authenticated boolean

mfa_required object

member_session object

member object

organization object
import { useStytchB2BClient } from '@stytch/react/b2b';

export const Login = () => {
  const stytch = useStytchB2BClient();

  const exchange = () => {
    stytch.session.exchange({
      organization_id: 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
      session_duration_minutes: 60,
    });
  };

  return <button onClick={exchange}>Log in</button>;
};
RESPONSE
200
​
{
	"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
	"status_code": 200,
	"member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
	"session_jwt": "example_jwt",
	"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
	"intermediate_session_token": "",
	"member_authenticated": true,
	"mfa_required": null,
	"primary_required": null,
	"member_session": {...},
	"member": {...},
	"organization": {...}
}