Download PDF
Download page Session Management.
Session Management
To use the LiveVox Public APIs, customers need to configure one or more valid Users with appropriate permissions for API access. A user may be a SysAdmin, SuperUser, Manager, or even an Agent. This must be done before API access can occur and must be done through the LiveVox Portal (LVP).
In addition to creating users, customers will need to have one or more API Application Tokens created for their API usage. An API Token is an alpha-numeric string that uniquely identifies a client application. An API token will be provided as part of the onboarding process. In general, a customer only needs one, however, if a customer wishes to partition and track their API use on a per-application basis, up to 5 API Tokens may be created. Each API user can create unique sessions by logging in with each distinct token available to the client. This allows traffic and API reporting to be segmented by application.
Contact the LiveVox Customer Care Team to have an API Token created. Tokens are uniquely associated with the requesting client and cannot be shared.
You can log in to LiveVox public APIs with Single Sign On (SSO) capability or without it depending on the site configuration.
Login With SSO
If the Single Sign On (SSO) feature is enabled for your site, you can log in to LiveVox public APIs by using the SSO login method.
The LiveVox public API allows you to log on using a third-party identity provider (IdP). Currently, the LiveVox Platform supports Okta and Azure. In future releases, the LiveVox Platform is planning to support other IdPs. For more information, see the section Login With SSO for a complete description of the request.
- You need to have your own IdP, because LiveVox does not provide an IdP.
- If you plan to use the LiveVox public APIs, you are required to use the Open ID Connect (OIDC) protocol.
Login Without SSO
The credentials for a configured API user must be provided when establishing a login session. See the Login Without SSO section for a complete description of the login request. To successfully login, an API user must provide the API Token in the login request. This token is implicitly associated with all requests made within the session but is only required for a login request.
For example, the following invalid token shows how the LV-Access header is specified in an HTTP request: LV-Access: a0009999bcbc0000xxxx000000000000
If the LV-Access header is not provided, or the access token is not valid, the login request will fail with an Authorization error.
A successful login will establish a session for that user and return a session ID to use for subsequent requests. The following requests must provide the session ID in the LV-Session header.
For example, if your Session ID is 5eb4ad6c-50b7-45da-8d56-f4e9ac7d9cbd
, then your API request need to include the following in the HTTP header as LV-Session: 5eb4ad6c-50b7-45da-8d56-f4e9ac7d9cb
If the session ID is not specified or invalid, API requests will fail with an Authorization error. Sessions may be invalidated if a user’s credentials have expired or been changed. In addition, sessions expire after 2 hours of inactivity. Users will need to log in again to establish a valid session before making another request.