Embed Sessions

Embed sessions grant temporary access to Orderly features for your end users. Your backend creates sessions and passes tokens to your frontend.

Session Flow

  1. Your user logs into your application
  2. Your backend calls the Orderly API to create an embed session
  3. You pass the session token to your frontend
  4. The frontend initializes the embed SDK with the token
  5. The embed components authenticate using the session

Creating a Session

From your backend:

    POST /api/embed/sessions
    Content-Type: application/json
    Authorization: Bearer your-api-key

    {
      "endUserId": "your-internal-user-id",
      "endUserEmail": "user@example.com",
      "permissions": ["bridges:read", "orders:read"],
      "expiresIn": 3600
    }

Returns:

    {
      "data": {
        "sessionToken": "es_...",
        "expiresAt": "2026-03-16T17:00:00Z"
      }
    }

Session Scoping

Sessions are scoped to:

  • A specific end user
  • A specific set of permissions
  • A time limit (default: 1 hour)

This ensures your end users can only access what you intend.
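
A backend helper for the session creation and scoping described above, written as an added example and not taken from Orderly's own code. It takes the end user from your server-side login state, requests only allowlisted permissions, caps the lifetime, and returns only the session token for the frontend. The base URL, the allowlist, the TTL cap, and the function names are assumptions.

```python
import json
import urllib.request

# Assumptions for this example (not from the Orderly docs):
ORDERLY_BASE_URL = "https://orderly.example"            # placeholder host
ALLOWED_PERMISSIONS = {"bridges:read", "orders:read"}   # the two scopes shown on this page
MAX_TTL_SECONDS = 3600                                  # local cap, equal to the documented default


def build_session_request(user, requested_permissions, ttl_seconds=900):
    """Build the request body from the authenticated, server-side user record."""
    if not user or not user.get("id"):
        raise PermissionError("no authenticated user; refuse to create a session")
    perms = sorted(set(requested_permissions))
    unknown = [p for p in perms if p not in ALLOWED_PERMISSIONS]
    if not perms or unknown:
        raise ValueError(f"permissions not allowed for embedding: {unknown or perms}")
    if int(ttl_seconds) <= 0:
        raise ValueError("ttl_seconds must be positive")
    return {
        "endUserId": str(user["id"]),       # never taken from browser input
        "endUserEmail": user["email"],
        "permissions": perms,
        "expiresIn": min(int(ttl_seconds), MAX_TTL_SECONDS),
    }


def http_post(url, headers, body):
    """Default transport: JSON POST using the standard library."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST"
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def create_embed_session(user, requested_permissions, api_key,
                         ttl_seconds=900, post=http_post):
    """Create a session and return only what the frontend needs."""
    body = build_session_request(user, requested_permissions, ttl_seconds)
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"Bearer {api_key}",   # API key stays on the backend
    }
    data = post(ORDERLY_BASE_URL + "/api/embed/sessions", headers, body)["data"]
    return {"sessionToken": data["sessionToken"], "expiresAt": data["expiresAt"]}
```

The `post` parameter exists so the call can be exercised with a stub transport in tests without contacting any server.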