Skip to Content

TwentyThree™ API

API Method: /api/session/redeem-token

Grant access to a site using a pre-authenticated session access token.

This is the second step of the session authorization procedure. If you have session_token=abcdef12345, redirect the client you was to be logged in to this URL:

Note that the session will assume the user redeeming the token has the full name and/or e-mail credentials provided prior in the get-token / redeem-token chain.


session_token (required)The session access token.

Permission level

The minimum required permission level is:



A plain, unstyled error message if the session_token is invalid, consumed or expired.
Otherwise the client is redirected to the return_url you specified when the session token was created.