# Create a session The Session service API enables the creation of transaction sessions, supporting various transaction methods such as card payments and alternative payment methods (APMs). It facilitates seamless integration for payment processing by generating a session that securely collects payment details and initiates transactions. This service ensures secure and efficient payment flows, improving the user experience across multiple payment channels. Endpoint: POST /sessions Version: 1.0.0 Security: PXP-UST1 ## Request fields (application/json): - `merchant` (string, required) Your unique merchant identifier, as assigned by PXP. Example: "MERCHANT-1" - `site` (string, required) Your unique site identifier, as assigned by PXP. Example: "SITE-1" - `merchantTransactionId` (string, required) A unique identifier for this transaction. Example: "TRANSACTION-1" - `sessionTimeout` (integer) The duration of the session, in minutes. Example: 120 - `amounts` (object, required) Details about the transaction amount. - `amounts.currencyCode` (string, required) The currency code associated with the transaction, in ISO 4217 format. Example: "EUR" - `amounts.transactionValue` (number, required) The transaction amount. The numbers after the decimal will be zero padded if they are less than the expected currencyCode exponent. For example, GBP 1.1 = GBP 1.10, EUR 1 = EUR 1.00, or BHD 1.3 = 1.300. The transaction will be rejected if numbers after the decimal are greater than the expected currencyCode exponent (e.g., GBP 1.234), or if a decimal is supplied when the currencyCode of the exponent does not require it (e.g., JPY 1.0). Example: 30.32 - `transactionMethod` (object, required) Details about the transaction method. - `transactionMethod.intent` (object, required) Details about the intent for different payment methods. - `transactionMethod.intent.card` (string) The intent for card or Apple Pay transactions. Enum: "Authorisation", "Purchase", "Verification", "EstimatedAuthorisation", "Payout" - `transactionMethod.intent.paypal` (string) The intent for PayPal transactions. Enum: "Authorisation", "Purchase" - `allowTransaction` (boolean,null) Whether the transaction is allowed to proceed. If not provided, defaults to null (no decision made yet). Example: true - `addressVerification` (object) Details about the cardholder's address. These help in the validation and fraud prevention process by matching the provided address with the cardholder's address on file. - `addressVerification.countryCode` (string, required) The country associated with the cardholder's address, in ISO 3166-1 alpha-2 format. Example: "GB" - `addressVerification.houseNumberOrName` (string, required) The house number or name associated with the cardholder's address. Example: "10 Downing Street" - `addressVerification.postalCode` (string, required) The postal code of the cardholder's address. Example: "SW1A 2AA" - `identityVerification` (object) Details about the cardholder's identity. These help in ensuring that the information provided matches the cardholder's details on file. - `identityVerification.nameVerification` (boolean) Whether the cardholder's name matches the name associated with the registered address on file. Example: true - `threeDSecureData` (object) Details about the 3D Secure authentication data from an external authentication process. - `threeDSecureData.threeDSecureVersion` (string,null) The 3DS protocol version. Example: "2.2" - `threeDSecureData.electronicCommerceIndicator` (string,null) The ECI value indicating the authentication result. Example: "05" - `threeDSecureData.cardHolderAuthenticationVerificationValue` (string,null) The CAVV value from 3DS authentication. Example: "CAVV1234567890" - `threeDSecureData.directoryServerTransactionId` (string,null) The Directory Server transaction identifier. Example: "550e8400-e29b-41d4-a716-446655440000" - `threeDSecureData.threeDSecureTransactionStatus` (string,null) The 3DS transaction status. Example: "Y" ## Response 200 fields (application/json): - `sessionId` (string, required) The unique identifier for the created session. Example: "f47ac10b-58cc-4372-a567-0e02b2c3d479" - `hmacKey` (string, required) The HMAC key generated for securing session communications. Example: "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6" - `encryptionKey` (string, required) A key used for encrypting sensitive session data during communication. Example: "k8l9m0n1o2p3q4r5s6t7u8v9w0x1y2z" - `sessionExpiry` (string, required) The timestamp indicating when the session will expire, in ISO 8601 format. Example: "2025-05-19T13:39:20.3843454Z" - `allowedFundingTypes` (object) Details about the funding types allowed for this session. - `allowedFundingTypes.cardSchemes` (array) The card schemes allowed for this session. Enum: "Diners", "Mastercard", "American Express", "Visa" - `allowedFundingTypes.cards` (array) The cards allowed for this session. Example: [] - `allowedFundingTypes.wallets` (object) Details about the wallets allowed for this session. - `allowedFundingTypes.wallets.paypal` (object) The PayPal configuration settings. - `allowedFundingTypes.wallets.paypal.allowedFundingOptions` (array) The list of allowed funding options for PayPal. - `allowedFundingTypes.wallets.paypal.merchantId` (string,null) The PayPal merchant identifier. - `allowedFundingTypes.wallets.applePay` (object) The Apple Pay configuration settings. - `allowedFundingTypes.wallets.applePay.merchantId` (string, required) The Apple Pay merchant identifier. - `allowedFundingTypes.wallets.googlePay` (object) The Google Pay configuration settings. - `allowedFundingTypes.wallets.googlePay.merchantId` (string, required) The Google Pay merchant identifier. Example: "Unity" - `allowedFundingTypes.wallets.googlePay.gatewayMerchantId` (string, required) A unique merchant identifier assigned by PXP. Example: "Prime" - `allowedFundingTypes.wallets.googlePay.merchantName` (string, required) A unique merchant name assigned by PXP. Example: "Prime Team"