> ## Documentation Index
> Fetch the complete documentation index at: https://dev.moonpay.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a session

> Create a session token to initialize a connection



## OpenAPI

````yaml POST /platform/v1/sessions
openapi: 3.1.0
info:
  title: MoonPay
  version: 1.0.0
servers:
  - url: https://api.moonpay.com
    description: Production Environment
    variables: {}
  - url: https://api.moonpay.dev
    description: Sandbox Environment
    variables: {}
security: []
tags:
  - name: Assets
  - name: Quote
  - name: Customer
  - name: Identity
  - name: Transactions
paths:
  /platform/v1/sessions:
    post:
      operationId: DevPlatform_createSessions
      parameters: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateSessionTokenRequestBody'
      responses:
        '200':
          description: The request has succeeded.
          headers:
            X-Request-Id:
              required: true
              schema:
                type: string
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateSessionTokenResponse'
        '400':
          description: The server could not understand the request due to invalid syntax.
          headers:
            X-Request-Id:
              required: true
              schema:
                type: string
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: number
                    enum:
                      - 400
                  type:
                    type: string
                  message:
                    type: string
                required:
                  - code
                  - type
                  - message
                unevaluatedProperties:
                  not: {}
      security:
        - SecretApiKeyInHeaderAuth: []
components:
  schemas:
    CreateSessionTokenRequestBody:
      type: object
      required:
        - deviceIp
      properties:
        externalCustomerId:
          type: string
          minLength: 1
          maxLength: 255
          description: A unique identifier for the customer from your system.
          examples:
            - user_01AN4Z07BY
        deviceIp:
          anyOf:
            - $ref: '#/components/schemas/IPv4Address'
            - $ref: '#/components/schemas/IPv6Address'
          description: >-
            The IP address of the user's device to ensure the integrity of the
            session. Both IPv4 and IPv6 values are supported.
          examples:
            - 0.0.0.0
        email:
          type: string
          minLength: 5
          maxLength: 255
          format: email
          description: >-
            The customer's email address. Must be a valid email. If provided,
            enables email OTP authentication.
          examples:
            - user@example.com
        phoneNumber:
          type: string
          pattern: ^\+[1-9]\d{1,14}$
          description: >-
            The customer's phone number in E.164 format. If both email and phone
            are provided, enables phone OTP authentication for returning
            customers.
          examples:
            - '+14155551234'
      unevaluatedProperties:
        not: {}
    CreateSessionTokenResponse:
      type: object
      required:
        - sessionToken
      properties:
        sessionToken:
          type: string
          minLength: 1
          maxLength: 8192
          description: >-
            An opaque session token used to set up a connection on your
            frontend. This token is single-use and must be generated each time
            the customer visits your app.


            Token expires 24 hours after issuance.
          examples:
            - c2Vzc2lvbi50b2tlbg
      unevaluatedProperties:
        not: {}
    IPv4Address:
      type: string
      format: ipv4
    IPv6Address:
      type: string
      format: ipv6
  securitySchemes:
    SecretApiKeyInHeaderAuth:
      type: apiKey
      in: header
      name: X-Api-Key
      description: |-
        Secret key authentication via the `X-Api-Key` header.

        Example: `X-Api-Key: <secretKey>`

````