Skip to main content
POST
/
api
/
v1
/
auth
/
sessions
Create a session
curl --request POST \
  --url https://staging.zerolatencylabs.com/api/v1/auth/sessions \
  --header 'Content-Type: application/json' \
  --data '
{
  "payload": "AQABAAAAAAB4m2tQz9KvX1Yk2mN3oQ4rS5tU6vW7xZ8aB9cD0eF1gH2iJ3kL5mN7oP9qR1sT3uV5wX7yZ9a=",
  "public_key": "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
  "signature": "AAcOFRwjKjE4P0ZNVFtiaXB3foWMk5qhqK+2vcTL0tng5+71/AMKERgfJi00O0JJUFdeZWxzeoGIj5adpKuyuQ=="
}
'
{
  "message": "Session created successfully",
  "success": true,
  "reason": "max_sessions_exceeded"
}

Body

application/json

Signed write request from a master key. The JSON body is a Base64SignedPayload (Secp256k1) or a PasskeySignedPayload (passkey — adds WebAuthn authenticator_data, client_data_json, and credential_id, with public_key optional); the wire signature_type selects which. The base64 payload is identical in both and decodes to the binary layout [Header(8) || RequestId(16) || Body || Auth] — see spec/signing.md. The decoded Body is:

  • CreateSession when Header.request_type = create_session (13).

JSON envelope for a signed request: the base64-encoded canonical payload plus the base64 signature and public_key of the signing credential. Session-key (Ed25519) endpoints accept exactly these fields; master-key (Secp256k1 / Passkey) endpoints sign the same payload and may carry additional signature material. Endpoints also accept the equivalent application/octet-stream binary frame.

payload
string
required

Base64-encoded bytes of the canonical request payload.

Example:

"AQABAAAAAAB4m2tQz9KvX1Yk2mN3oQ4rS5tU6vW7xZ8aB9cD0eF1gH2iJ3kL5mN7oP9qR1sT3uV5wX7yZ9a="

public_key
string
required

Base64-encoded public key of the signing credential.

Example:

"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8="

signature
string
required

Base64-encoded signature over the payload.

Example:

"AAcOFRwjKjE4P0ZNVFtiaXB3foWMk5qhqK+2vcTL0tng5+71/AMKERgfJi00O0JJUFdeZWxzeoGIj5adpKuyuQ=="

Response

Processed; rejection surfaces as success: false

Response for session operations (create/revoke).

message
string
required
Example:

"Session created successfully"

success
boolean
required
Example:

true

reason
null | enum<string>

Machine-readable reason a session operation was rejected. Present only on a success: false response that carries a distinguished rejection; absent otherwise.

Available options:
max_sessions_exceeded