🔒 Generate Token

POST

/authorization/sessiontoken

Generate a session token for the account associated with the login link obtained through the authorization link.

Authorization

API Key string required

Request

Body required

Requires the login link obtained through the /authorization/link endpoint and the verifier associated with the login link

Example
Schema

{
  "loginLink": "",
  "verifier": ""
}

Response

Success

Example
Schema

{
  "error": false,
  "data": {
    "sessionToken": "eyJhbGciOiJIUzI1NiJ9..."
  }
}

Bad Request

Example
Schema

{
  "error": true,
  "message": "Missing required body field"
}

Unauthorized

Example
Schema

{
  "error": true,
  "message": "Invalid authorization"
}

Bad Gateway

Example
Schema

{
  "error": true,
  "message": {
    "nintendoResponse": {
      "error_description": "The provided session_token_code is expired",
      "error": "invalid_request"
    }
  }
}

Handling 502 Responses

When something goes wrong while trying to authenticate with Nintendo, you will receive a 502 response code, alongside a JSON object with information about where the process failed. It is important to understand how to handle these responses correctly.

The JSON object you receive will contain a nintendoResponse field inside of the message object, which will tell you why the process failed.

The provided session_token_code is expired

The login link has expired. You will have to generate a new login link and verifier to generate a new session token.
The provided session_token_code is invalid

The session token code inside the login link has been modified or the verifier does not belong to the login link. Make sure you are using the correct verifier and associated login link.
The request does not satisfy the schema

The verifier has been modified. Make sure you are using the original verifier.

Aditional Notes

Session tokens are valid for two years. After that, a new session token will have to be generated.
Session tokens can be revoked from the login history on the Nintendo Account website.