Fetch userId by sessionId
🔐 Fetch UserId by SessionId API
This API allows enterprises to fetch the REL-ID user ID associated with a session ID. It is primarily used to enforce session correlation between the REL-ID SDK and the enterprise backend.
🧭 Overview
Enterprises can use this API to ensure that the user authenticated via REL-ID is the same user logging into the enterprise application server. This eliminates the risk of a user entering a different userId manually after authenticating through REL-ID.
🔄 How it Works
- REL-ID SDK generates a
sessionIdonce the user successfully authenticates. - The enterprise (mobile or web) app must retrieve this
sessionIdfrom the REL-ID SDK. - The
sessionIdshould then be included in the login request to the enterprise application server. - The enterprise backend will call this API to fetch the
userIdtied to the session. - Login is permitted only if the
userIdfrom this API matches the one in the enterprise system.
✅ Benefit
This enables secure session binding, prevents user spoofing, and streamlines login workflows.
In secure environments (e.g., web apps), enterprises may remove the user ID field entirely from the login form and rely solely on the userId returned from this API. The user no longer needs to manually enter their ID — reducing friction and increasing trust.
🔗 Endpoint
GET https://REL-ID-SERVER-IP:9442/v1/sessions/session?sessionId=<sessionId>🔐 Authorization
Authorization: Bearer <access_token>📥 Request Parameters
| Parameter | Location | Type | Required | Description |
|---|---|---|---|---|
sessionId | Query Param | String | ✅ Yes | Session ID issued by REL-ID SDK. Must be valid and active. |
❌ Request Body
- None (Leave body blank)
✅ Success Response
| HTTP Code | Response Type | Description |
|---|---|---|
200 OK | JSON Object | Returns user ID and session-related metadata. |
🔄 Sample Success Response
{
"message": "Session is ACTIVE",
"user_id": "u1",
"group_name": "g1",
"client_ip_address": "182.70.80.151",
"secondary_group_names": [
"temp_group"
],
"loginId": "u1"
}❌ Error Responses (Collapsible)
❗ 422 - Invalid SessionId
{
"timeStamp": "2023-05-30T12:33:32IST",
"status": 422,
"error": "Invalid data.",
"message": "Invalid session Id specified.",
"path": "/v1/sessions/session"
}💥 500 - Internal Server Error
{
"timeStamp": "2023-06-12T11:43:50IST",
"status": 500,
"error": "Internal Server Error",
"message": "Unexpected error occurred while processing request",
"path": "/v1/sessions/session"
}📝 Notes
- Useful for enforcing session correlation in enterprise login flows.
- Greatly simplifies secure login by eliminating the need for manual user ID input.
Updated 3 months ago