REST API Reference > IDMC REST API > Session IDs

Session IDs

When you log in to an IDMC organization using the REST API, the login resource returns the REST API session ID. You include this session ID in most subsequent REST API requests during the session.

Organization administrators can configure the organization to use one of following authentication types:

•Session ID. If the organization uses the session ID authentication type, session-based authentication is used. The session ID expires after 30 minutes of inactivity. A grace period of up to 2 minutes might be included to account for any network or unexpected delays.
•JSON Web Token (JWT). If the organization uses the JSON Web Token (JWT) authentication type, the session ID value that's returned in a login response is a JWT value. If you use custom scripts, ensure that the scripts handle automatic re-authentication before the JWT expires to avoid any interruptions. For more information, see the JWT Support Knowledge article.

Include the session ID in the header for all API requests other than login requests. The maximum length for session IDs is 16,000 characters to accommodate JWT values.

The attribute name in the header can vary depending on the resource:

•For REST API version 2 resources, use the icSessionId attribute in the header to hold the session ID value.
•For REST API version 3 resources, use the INFA-SESSION-ID attribute in the header to hold the session ID value.
•For other resources, use the IDS-SESSION-ID attribute in the header to hold the session ID value.

The following example shows how icSessionId is used in the header for a REST API version 2 call::

GET https://app.informaticacloud.com/saas/api/v2/licenseInfo/org/<id>
Content-Type: application/xml
Accept: application/xml
icSessionId: <session ID>

The following example shows how INFA-SESSION-ID is used in the header for a REST API version 3 call:

GET https://app.informaticacloud.com/saas/public/core/v3/license/org/{orgId}
Content-Type: application/json
Accept: application/json
INFA-SESSION-ID: 9KA11tLGqxVcGeul8SABC1

You can submit a POST request to determine the status of a session ID.

Use the following URI to submit the request:

/api/v2/user/validSessionId

Include the following attributes in the request:

•userName. Your IDMC user name.
•icToken. If the organization uses the session ID authentication type, include the session ID. If the organization uses the JWT authentication type, include the JWT value.

For example, you might use the following request:

POST https://app.informaticacloud.com/saas/api/v2/user/validSessionId
Content-Type: application/json
Accept: application/json

{
"@type": "validatedToken",
"userName": "user@informatica.com",
"icToken": "9KA11tLGqxVcGeul8SABC1"
}

The response returns whether the session ID is valid or not and the number of minutes left before the session ID expires. For example, you might receive the following response:

{
"@type": "validatedToken",
"timeUntilExpire": 29,
"isValidToken": true
}

Note: The timeUntilExpire value changes to "0" when the session or JWT will expire in less than 1 minute. The isValidToken value changes to "false" when the session or JWT expires. To avoid the risk of authentication failure, reauthenticate when the timeUntilExpire value changes to 0.