Generate authorization code

post

https://api.funtrips.io/{stage}/session

Issues a short-lived single-use authorization code for a user. The code should be embedded in a magic link email sent to the user. Called by trusted S2S services only.

Events fired

Event	Trigger	Description
`authorization.CodeIssued`	sync	Fired when the authorization code is successfully issued.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

external_user_id

string

required

length between 1 and 128

Identifier for the user in the caller's system (typically email). The platform stores this value verbatim and treats it as the canonical user reference for all subsequent admin endpoints — pass the same value back when calling e.g. GET /admin/fulfillment/users/{external_user_id}/orders or POST /admin/loyalty/ledgers/{external_user_id}/entries.

ttl_seconds

integer

60 to 900

Code lifetime in seconds. Defaults to 300.

integration_context

object

Free-form key-value bag supplied by the integrator as input for the platform's per-retailer integration package. The integration adapter (under internal/<integration>/infra/) reads agreed-upon keys from this object to seed retailer-specific state for the session — for example a current loyalty point balance, a customer tier, a partner reference, or anything else the integration needs from the integrator's system at session-creation time.

The set of recognised keys is integration-specific and documented per integration; unknown keys are stored on the session and otherwise ignored. Values may be any JSON type (string, number, boolean, object, array) — the integration adapter is responsible for interpreting them.

Headers

Idempotency-Key

uuid

required

Client-generated UUID. Identical keys within the TTL window return the cached response.

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

Language

Credentials

OAuth2

URL

Loading…

Response

Click Try It! to start a request and see the response here! Or choose an example:

application/json

application/problem+json

200Authorization code issued.

208The request was already processed. The original response body is returned unchanged. Treat this identically to the normal success response for this endpoint.

400The request body or parameters are invalid.

401Missing or invalid authentication credentials.

500An unexpected server error occurred.