Skip to main content
Your backend calls a single Connexease endpoint to mint a short-lived session token: the Session API. The SDK uses that token to run the rest of the onboarding for you, so this is the only endpoint you integrate with directly.

Endpoint


Authorization
string
required
API key in Bearer pk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx format.
Content-Type
string
required
Always application/json.
The SDK never asks you to call this from the browser. Your backend calls it (see Backend Integration); the SDK only calls it directly as a fallback if you pass secretKey to launch().

Response / Success (HTTP 200)

Forward this payload to the SDK exactly as you receive it — your fetchSessionToken returns it untouched and the SDK reads the fields it needs. You don’t need to parse or transform it.

Errors

A failed request returns a non-2xx status with an error body, for example when the secret key is invalid:
In your proxy, forward non-2xx responses to the caller (status + body) so the SDK can surface the message in its error modal. See Backend Integration.