Hugh Jeremy edited this page Aug 14, 2018 · 3 revisions

Documentation > Session

Sessions are the keys to the Amatino kingdom. All requests to the Amatino API, except those requests to create Sessions themselves, must include two HTTP headers: An integer session identifier, and a Hashed Message Authentication Code (HMAC) signed with a Session API Key.

Creating a Session with a POST request is analogous to 'logging in', and deleting a Session with a DELETE request is analogous to 'logging out'. Your application might wish to create multiple Sessions for a User. For example, one per device.

The formula for the Amatino API HMAC signature is SHA512((Unix timestamp in seconds) + (URI path) + (JSON data)), using the Session API key as the hash key. The HMAC should be URL-safe Base64 encoded.


.id - Number

An integer identifier for this Session

Example: 4200100

.apiKey - String

A URL-safe base-64 encoded 256-bit random number generated in a cryptographically secure manner

Example: "EPcmwPnjFQFWrZjYtM3J6GZMrGA0gC-40cUD0NKK_K0A"

.userId - Number

The integer identifier of the User to whom this Session provides credentials

Example: 46892412


static .createWithEmail()


  1. email: String - ""
  2. secret: String - "high entropy passphrase"
  3. callback: (Error, Session)


const _ = Session.createWithEmail(
  "high entropy passphrase",
  (error, session) => {
    console.log(session.userId) // E.g. logs "46892412"

static .createWithUserId()

Not Implemented

.signature() -> String

Returns a string request HMAC suitable for provision in the X-Signature header.


  1. jsonData: Object - {"some": "request data"}
  2. path: String - "/transactions"


const signature = session.signature(
  {"name": "MegaCorp", "description": "A mega corporation", "region_id": 1},
console.log(signature) // E.g. "yxATCPRKAAXHNiPctNQPHEGGVJF"...


Not Implemented

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.