post https://api.sb.spidrsrv.com/ztm/v1/session/create
Use the /session/create endpoint to generate a ZTM session. Spidr does not enforce session expiration. We recommend setting a session expiration of no more than 30 minutes.
Sessions are typically user-based. However userId is optional and a session can be generated without being attached to a user. This is necessary when the user record does not yet exist, such as when running ZTM checks on the Create User endpoint. Best practice is to always use userId to generate a session when possible.
If you are using the Sardine SDK, please initilize the SDK with the session returned.
📘
Please note that a session key is required for ZTM to perform customer and device checks (if your program is using Sardine).