Skip to main content
POST
/
platform
/
v1
/
sessions
cURL
curl --request POST \
  --url https://api.moonpay.com/platform/v1/sessions \
  --header 'Content-Type: application/json' \
  --header 'X-Api-Key: <api-key>' \
  --data '
{
  "deviceIp": "0.0.0.0",
  "externalCustomerId": "<string>",
  "email": "jsmith@example.com",
  "phoneNumber": "<string>"
}
'
{
  "sessionToken": "<string>"
}

Authorizations

X-Api-Key
string
header
required

Secret key authentication via the X-Api-Key header.

Example: X-Api-Key: <secretKey>

Body

application/json
deviceIp
required

The IP address of the user's device to ensure the integrity of the session. Both IPv4 and IPv6 values are supported.

Example:

"0.0.0.0"

externalCustomerId
string

A unique identifier for the customer from your system.

Required string length: 1 - 255
Example:

"user_01AN4Z07BY"

email
string<email>

The customer's email address. Must be a valid email. If provided, enables email OTP authentication.

Required string length: 5 - 255
Example:

"user@example.com"

phoneNumber
string

The customer's phone number in E.164 format. If both email and phone are provided, enables phone OTP authentication for returning customers.

Pattern: ^\+[1-9]\d{1,14}$
Example:

"+14155551234"

Response

The request has succeeded.

sessionToken
string
required

An opaque session token used to set up a connection on your frontend. This token is single-use and must be generated each time the customer visits your app.

Token expires 24 hours after issuance.

Required string length: 1 - 8192
Example:

"c2Vzc2lvbi50b2tlbg"