The Sessions API provides a way for clients to manage Managed Fusion sessions and cookies. When a client successfully authenticates, Managed Fusion will create a unique identifier for the session. This identifier becomes the session key and is mapped to the client. The authentication response contains an HTTP cookie, which is typically stored by the client for later use. By sending this cookie back to Managed Fusion, a client can securely access Managed Fusion without having to re-authenticate.
The Sessions API is useful for performance and repeatability.
For more information, view the API specification. By default, sessions time out after 30 minutes of no activity. Update the cookies timeout in the values.yaml file using the below configuration to set the cookie to expire in 1 hour. 
api-gateway:
  jwtExpirationSecs: 3600

Create a Session

The path for this request is: /api/session?realmName=REALM_NAME where the query parameter realmName takes as its value the name of a realm to authenticate against.
In order to see this object within the Managed Fusion UI, it must be associated with an app. To do this, create the object using the /apps endpoint.

Input

ParameterDescription
username
Required		The username to use in authentication.
password
Required		The password to use in authentication.

Output

The output will include a cookie ID in the HTTP response header. This can be saved to a file and re-used with subsequent REST API requests.

Examples

Create a session against an LDAP server and store it in a file named ‘cookies’: REQUEST 
curl -c cookies -i -H "content-type:application/json" -X POST -d '{"username":"USERNAME", "password":"PASSWORD"}' https://EXAMPLE_COMPANY.b.lucidworks.cloud/api/session?realmName=REALM_NAME
RESPONSE 
HTTP/1.1 201 Created
Set-Cookie: id=840a33d4-b650-49f2-87a4-85412e99b37c;HttpOnly;Path=/api
Content-Length: 0
Server: Jetty(9.1.4.v20140401)
In this case, we got a response because we set curl to include the HTTP in the output. Otherwise, we would not know for sure the session was created.
Use the cookie in another cURL request to see all collections: 
curl -b cookies https://EXAMPLE_COMPANY.b.lucidworks.cloud/api/collections

View Session Details

To view session details, including the current user record, all roles directly assigned to that user, and all roles inherited from the realm by that user, use the following path for the request: /api/session

Examples

REQUEST 
curl 'https://EXAMPLE_COMPANY.b.lucidworks.cloud/api/session' -H 'Cookie: id=416925d6-6d26-4afd-b31d-ced61714d287'
RESPONSE 
{
  "user": {
    "id": "abc123",
    "username": "foo"
  },
  "roles": [
    {"name": "bar"}
  ]
}

End a Session

The path for this request is: /api/session

Examples

Sessions can be ended automatically in the Fusion UI by clicking Account Settings > Log out.