Skip to main content

Overview

The principal_sessions sub-client lets you create short-lived session tokens for your end-users. These tokens power the Permission Dashboard where users can view which agents have access and revoke grants.

principal_sessions.create()

Create a session token for an end-user. Returns a URL they can open to manage their permissions.

Parameters: CreatePrincipalSessionParams

principal_id
str
required
The end-user’s principal ID — the same user_id used in grantex.authorize().
expires_in
str | None
Session duration. Format: "30m", "1h", "24h". Defaults to "1h", capped at "24h".

Response: PrincipalSessionResponse

session_token
str
The signed JWT session token.
dashboard_url
str
Full URL the user can open in their browser to view and revoke permissions. The session token is carried in the URL fragment (#session=...), not the query string, so it is never transmitted to the server or captured in Referer headers or access logs.
expires_at
str
ISO 8601 timestamp when the session token expires.

Errors

Last modified on April 14, 2026