Sessions

Operation executed by GPAS in which the authToken is sent to validate and create a wallet session.

Endpoint Details

• Method: POST
• URL: /sessions

Request Parameters

Name	Type	Request	Description
Authorization	String	Header (JWT - JSON Web Token)	Authentication token provided by the operator’s system to validate the request, this parameter is sent in the launcher (AuthToken) and forwarded to the operator
walletId	String	QueryString	Wallet identifier
x-parent-system-id	String	Header	Unique GPAS identifier in the operator system
x-signature	String	Header	Signature of the message for communication security, it must be in capital letters

Response Parameters

Name	Type	Request	Description
id	String	Body	Wallet session identifier, used for all methods (debit, credit, rollback, etc.)
walletId	String	Body	Wallet identifier
created	DateTime	Body	Creation date
status	String	Body	Session status (OPEN, CLOSE)

Request Example

POST /sessions?walletId=2sdf1sd
HEADER
Authorization: Bearer <AuthToken>
x-parent-system-id: BL13GT
x-signature: SHA1(query string + secret key)

Example Signature

• QueryString: walletId=2sdflsd
• SecretKey: Ax34deSfgdB
• SHA1: Encryption Function
• SHA1(walletId=2sdflsdAx34deSfgdB)
• Signature: 8F0F3379F1C6CC24DF5A4DC2A937061102487C46

Response Example

{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "walletId": "2sdf1sd",
  "created": "2021-08-30T16:58:35.476Z",
  "status": "OPEN"
}

Implementation Notes

• The session created by this method will be used in all subsequent API calls
• The session remains active until explicitly closed using the Close method
• If an invalid authentication token is provided, the request should return an appropriate error response
• For more information about the signature, see the x-signature section