Stytch - Auth platform for developers

Wraps Stytch's Authenticate Session endpoint and validates that the session issued to the user is still valid. The SDK will invoke this method automatically in the background. You probably won't need to call this method directly. It's recommended to use session.getSync and session.onChange instead.

Method parameters

Configuration object

Additional configuration.

session_duration_minutes int

Set the session lifetime to be this many minutes from now. This will return both an opaque session_token and session_jwt for this session, which will automatically be stored either in the browser cookies if you're using our JavaScript SDK, or in the iOS Keychain/ Android SharedPreferences if you're using one of our mobile SDKs. The session_jwt will have a fixed lifetime of five minutes regardless of the underlying session duration, and will be automatically refreshed by the SDK in the background over time.

This value must be a minimum of 5 and may not exceed the maximum session duration minutes value set in the Frontend SDK page of the Stytch Dashboard.

A successful authentication will continue to extend the session this many minutes.

Response fields

request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

session object

If you initiate a Session, by including session_duration_minutes in your authenticate call, you'll receive a full Session object in the response.

See Session object for complete response fields.

session_id string

A unique identifier for a specific Session.

user_id string

The unique ID of the affected User.

authentication_factors array[objects]

An array of different authentication factors that comprise a Session.

started_at string

The timestamp when the Session was created. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

last_accessed_at string

The timestamp when the Session was last accessed. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

expires_at string

The timestamp when the Session expires. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

attributes object

Provided attributes help with fraud detection.

ip_address string

The IP address of the user.

user_agent string

The user agent of the User.

custom_claims map<string, any>

The custom claims map for a Session. Claims can be added to a session during a Sessions authenticate call.

import React, { useEffect } from 'react'; import { useStytch } from '@stytch/react'; export const AuthenticateSession = () => { const stytch = useStytch(); useEffect(() => { const authenticate = () => { if (stytch.session.getSync()) { stytch.session.authenticate({ session_duration_minutes: 60, }); } }; // Refresh session every 50 minutes let interval = setInterval(authenticate, 3000000); return () => clearInterval(interval); }, [stytch]); return <></>; };

{ "status_code": 200, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "session": { "attributes": { "ip_address": "203.0.113.1", "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" }, "authentication_factors": [ { "delivery_method": "email", "email_factor": { "email_address": "sandbox@stytch.com", "email_id": "email-test-81bf03a8-86e1-4d95-bd44-bb3495224953" }, "last_authenticated_at": "2021-08-09T07:41:52Z", "created_at": "2021-08-09T07:41:52Z", "updated_at": "2021-08-09T07:41:52Z", "type": "magic_link" } ], "custom_claims": { "claim1": "value1", "claim2": "value2", }, "expires_at": "2021-08-10T07:41:52Z", "last_accessed_at": "2021-08-09T07:41:52Z", "session_id": "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509", "started_at": "2021-08-09T07:41:52Z", "user_id": "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6", }, "session_jwt": "example_jwt" "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q" "user": {...}, }

{ "status_code": 404, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "session_not_found", "error_message": "Session could not be found.", "error_url": "https://stytch.com/docs/api/errors/404" }

{ "status_code": 429, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "too_many_requests", "error_message": "Too many requests have been made.", "error_url": "https://stytch.com/docs/api/errors/429" }

{ "status_code": 500, "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141", "error_type": "internal_server_error", "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.", "error_url": "https://stytch.com/docs/api/errors/500" }

Authenticate session

Method parameters

Response fields