Skip to main content
POST
/
auth
/
session-token
Mint a session token
const options = {
  method: 'POST',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: JSON.stringify({profileId: 'profile_abc123'})
};

fetch('https://api.discovr.media/auth/session-token', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
{
  "sessionToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "sessionId": "feedfacefeedfacefeedfacefeedface",
  "expiresAt": 1733091000
}

Documentation Index

Fetch the complete documentation index at: https://docs.discovr.media/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer token authentication.

  • Identity-tier endpoints (/profiles, /auth/session-token, /auth/session) accept a long-lived refresh token (rt_<hex>).
  • Session-tier endpoints (/pages/*, /profile/*) accept a short-lived session JWT.

SDK clients use two typed API accessors (identityApi() with the refresh token vs sessionApi() with the session JWT) — see the SDK DiscovrAuth helper.

Format: Authorization: Bearer {token}

Body

application/json
profileId
string
required

The profile to bind the session to. Must belong to the authenticated user (the refresh token in the Authorization header).

Example:

"profile_abc123"

Response

A new session token.

sessionToken
string
required

Short-lived (30 minute) session JWT. Use as the bearer for session-tier endpoints (/pages/*, /profile/*).

Example:

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

sessionId
string
required

Discovery-session id embedded in the JWT. Also written onto pages and rows created during this session for downstream analytics.

Example:

"feedfacefeedfacefeedfacefeedface"

expiresAt
integer<int64>
required

Session-token expiry as Unix seconds. Equals the JWT's exp claim.

Example:

1733091000