Operational routes require:
x-tenant-idAuthorization: Bearer <token>
Setup
import { createClient } from '@session-services/sdk';
const client = createClient({
environment: 'prod',
tenantId: 'tnt_01jqpj2t2kfvmstt6f6tzkbaf2',
headers: {
Authorization: `Bearer ${token}`,
},
});
Core Management Domains
- Teams:
team,teamInvite,teamMember,teamPayment - Promoters:
promoterand promoter performance - Finance:
payout,beneficiary,order.refund - Access control: permission-scoped routes
- Utilities:
internal.uploadImage
Permission Nodes
The permission model includes:
EVENT, ORDER, FINANCE, SCANNING, MARKETING, BILLING, PROMOTER,
TEAM, VENUE, EDITOR, FULL.
Use least-privilege tokens for integrations. Reserve FULL for trusted admin workflows.
Example: Team Member Lifecycle
const { teamInvite } = await client.teamInvite.create({
key: 'team_123',
email: 'test@session.services',
permissions: ['EVENT', 'ORDER'],
});
await client.teamInvite.resend({
key: 'team_123',
inviteId: teamInvite.id,
});