# Vault API — Sessions

> Canonical URL: https://developers.apideck.com/apis/vault/reference#tag/Sessions

This document contains every operation on the `Sessions` resource.

---

# Create Session

> **Vault API** · `POST /vault/sessions`
> Canonical URL: https://developers.apideck.com/apis/vault/reference#tag/Sessions/operation/sessionsCreate

Making a POST request to this endpoint will initiate a Hosted Vault session. Redirect the consumer to the returned
URL to allow temporary access to manage their integrations and settings.

Note: This is a short-lived token that will expire after 1 hour (TTL: 3600).

## Parameters

| Name | In | Type | Required | Description |
| --- | --- | --- | --- | --- |
| `x-apideck-consumer-id` | header | `string` | Yes | ID of the consumer that you want to get data from or push data to |
| `x-apideck-app-id` | header | `string` | Yes | The ID of your Unify application |

### Request Body

Additional redirect URI and/or consumer metadata.

- `consumer_metadata` `object` — The metadata of the consumer. This is used to display the consumer in the sidebar. This is optional, but recommended.
  - `account_name` `string` — The name of the account as shown in the sidebar. — example: `SpaceX`
  - `user_name` `string` — The name of the user as shown in the sidebar. — example: `Elon Musk`
  - `email` `string` — The email of the user as shown in the sidebar. — example: `elon@musk.com`
  - `image` `string` — The avatar of the user in the sidebar. Must be a valid URL — example: `https://www.spacex.com/static/images/share.jpg`
- `redirect_uri` `string` — The URL to redirect the user to after the session has been configured. — example: `https://mysaas.com/dashboard`
- `settings` `object` — Settings to change the way the Vault is displayed.
  - `unified_apis` `array of string` — Provide the IDs of the Unified APIs you want to be visible. Leaving it empty or omitting this field will show all Unified APIs.
  - `hide_resource_settings` `boolean` — A boolean that controls the display of the configurable resources for an integration. When set to true, the resource configuration options will be hidden and not shown to the user. When set to false, the resource configuration options will be displayed to the user.
  - `sandbox_mode` `boolean` — Configure [Vault](/apis/vault/reference#section/Get-Started) to show a banner informing the logged-in user that they are in a test environment.
  - `isolation_mode` `boolean` — Configure [Vault](/apis/vault/reference#section/Get-Started) to run in isolation mode, meaning it only shows the connection settings and hides the navigation items.
  - `session_length` `string` — The duration of time the session is valid for (maximum 1 week). — example: `30m`
  - `show_logs` `boolean` — Configure [Vault](/apis/vault/reference#section/Get-Started) to show the logs page. Defaults to `true`.
  - `show_suggestions` `boolean` — Configure [Vault](/apis/vault/reference#section/Get-Started) to show the suggestions page. Defaults to `false`.
  - `show_sidebar` `boolean` — Configure [Vault](/apis/vault/reference#section/Get-Started) to show the sidebar. Defaults to `true`.
  - `auto_redirect` `boolean` — Automatically redirect to the redirect URI after the connection has been configured as callable. Defaults to `false`.
  - `hide_guides` `boolean` — Hide Apideck connection guides in [Vault](/apis/vault/reference#section/Get-Started). Defaults to `false`.
  - `allow_actions` `array of string` — Hide actions from your users in [Vault](/apis/vault/reference#section/Get-Started). Actions in `allow_actions` will be shown on a connection in Vault. Available actions are: `delete`, `disconnect`, `reauthorize` and `disable`. An empty array will hide all actions. By default all actions are visible.
- `theme` `object` — Theming options to change the look and feel of Vault.
  - `favicon` `string` — The URL to the favicon to use for Vault. — example: `https://res.cloudinary.com/apideck/icons/intercom`
  - `logo` `string` — The URL to the logo to use for Vault. — example: `https://res.cloudinary.com/apideck/icons/intercom`
  - `primary_color` `string` — The primary color to use for Vault. — example: `#286efa`
  - `sidepanel_background_color` `string` — The background color to use for the sidebar. — example: `#286efa`
  - `sidepanel_text_color` `string` — The text color to use for the sidebar. — example: `#FFFFFF`
  - `vault_name` `string` — The name that will be shown in the sidebar. — example: `Intercom`
  - `privacy_url` `string` — The URL to the privacy policy that will be shown in the sidebar. — example: `https://compliance.apideck.com/privacy-policy`
  - `terms_url` `string` — The URL to the terms and conditions that will be shown in the sidebar. — example: `https://www.termsfeed.com/terms-conditions/957c85c1b089ae9e3219c83eff65377e`
- `custom_consumer_settings` `object` — Custom consumer settings that are passed as part of the session.

### Responses

#### 200 — Session created

- `status_code` `integer` **required** — HTTP Response Status Code — example: `200`
- `status` `string` **required** — HTTP Response Status — example: `OK`
- `data` `object` **required**
  - `session_uri` `string` **required** — example: `https://vault.apideck.com/session/<session_token>`
  - `session_token` `string` **required** — example: `<session_token>`
- `_raw` `object` — Raw response from the integration when the `raw=true` query parameter is provided
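An added example (not Apideck's own code) that assembles the request described above with conservative settings and produces a log-safe copy of the 200 response, since `session_uri` embeds the `session_token`. The allow-listed host, the `h`/`d` duration suffixes and the chosen setting values are assumptions; authentication headers are not described on this page and are left out.

```python
import re
from urllib.parse import urlsplit

# Taken from the page: the four available actions and the 1-week maximum.
AVAILABLE_ACTIONS = {"delete", "disconnect", "reauthorize", "disable"}
MAX_SESSION_SECONDS = 7 * 24 * 3600
# Assumption: the page only shows the "m" suffix (`30m`); "h" and "d" are guesses.
UNIT_SECONDS = {"m": 60, "h": 3600, "d": 86400}
# Hypothetical allow-list of hosts served by your own application.
ALLOWED_REDIRECT_HOSTS = {"mysaas.com"}


def session_length_seconds(value):
    """Parse a duration such as `30m` and enforce the documented 1-week cap."""
    match = re.fullmatch(r"(\d+)([mhd])", value)
    if not match:
        raise ValueError(f"unsupported session_length: {value!r}")
    seconds = int(match.group(1)) * UNIT_SECONDS[match.group(2)]
    if not 0 < seconds <= MAX_SESSION_SECONDS:
        raise ValueError("session_length must be greater than 0 and at most 1 week")
    return seconds


def build_session_request(consumer_id, app_id, redirect_uri,
                          session_length="30m", allow_actions=("reauthorize",)):
    """Return (headers, body) for POST /vault/sessions after validating inputs."""
    url = urlsplit(redirect_uri)
    # Never forward a caller-supplied redirect target without checking it.
    if url.scheme != "https" or url.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError("redirect_uri must be https on an allow-listed host")
    unknown = set(allow_actions) - AVAILABLE_ACTIONS
    if unknown:
        raise ValueError(f"unknown actions: {sorted(unknown)}")
    session_length_seconds(session_length)  # raises on a bad or too-long value
    headers = {"x-apideck-consumer-id": consumer_id, "x-apideck-app-id": app_id}
    # isolation_mode hides navigation items; show_logs=False hides the logs page.
    settings = {"isolation_mode": True, "show_logs": False,
                "session_length": session_length,
                "allow_actions": list(allow_actions)}
    return headers, {"redirect_uri": redirect_uri, "settings": settings}


def redact_session(data):
    """Copy of the response `data` object with the token masked for logging."""
    token = data["session_token"]
    return {"session_uri": data["session_uri"].replace(token, "[REDACTED]"),
            "session_token": "[REDACTED]"}
```
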

#### 400 — Bad Request

> Standard error response — see [Error Responses](https://developers.apideck.com/errors)

#### 401 — Unauthorized

> Standard error response — see [Error Responses](https://developers.apideck.com/errors)

#### 402 — Payment Required

> Standard error response — see [Error Responses](https://developers.apideck.com/errors)

#### 404 — The specified resource was not found

> Standard error response — see [Error Responses](https://developers.apideck.com/errors)

#### 422 — Unprocessable

> Standard error response — see [Error Responses](https://developers.apideck.com/errors)

#### default — Unexpected error

> Standard error response — see [Error Responses](https://developers.apideck.com/errors)

---
