Sessions
Sessions allow distribution partners to establish consumer context for the ordering experience. Your platform provides user information to Gett, enabling a seamless experience with pre-filled details.
How It Works
- User authenticates on your platform (your own auth system)
- Your backend creates a Gett session with user information via the Gett API
- You initialize the Marketfront SDK with the session token
- User enjoys a seamless ordering experience with their information pre-filled
Session Creation
All integrations require backend session creation. This ensures that:
- Partner is authenticated — Your API key proves the request came from your platform
- Partner attribution is secure — Orders are correctly attributed to your platform
- Consumer context is established — The user's information flows securely to Gett
Request
| Environment | Endpoint |
|---|---|
| Sandbox | https://api-sandbox.gett-tech.com/v1/session/create |
| Production | https://api.gett-tech.com/v1/session/create |
```http
POST /v1/session/create
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
```
Use your Sandbox API Key against the sandbox endpoint for development, and your Production API Key against the production endpoint for live orders.
Request Body
```json
{
  "partnerUserId": "your_user_id_12345",
  "email": "user@example.com",
  "givenName": "Jane",
  "familyName": "Doe",
  "phone": "+15551234567",
  "expiresInSeconds": 3600,
  "addresses": [
    {
      "formattedAddress": "123 Main St, Seattle, WA 98101, USA",
      "googlePlaceId": "ChIJ...",
      "latitude": 47.6062,
      "longitude": -122.3321,
      "unit": "4B",
      "deliveryInstructions": "Leave at front desk"
    }
  ],
  "paymentMethods": [
    {
      "token": "pm_abc123",
      "brand": "visa",
      "last4": "4242",
      "expMonth": 12,
      "expYear": 2027
    }
  ]
}
```
Response
```json
{
  "sessionToken": "gett_sess_abc123xyz",
  "expiresAt": "2025-01-15T12:00:00Z"
}
```
| Field | Type | Description |
|---|---|---|
| sessionToken | string | Token that establishes consumer context for subsequent requests |
| expiresAt | string | ISO 8601 expiration timestamp |
User Information
The user information is passed at the root level of the request.
Required Fields
| Field | Type | Description |
|---|---|---|
| partnerUserId | string | Stable user identifier in your system. This links the Gett user to your user record. |
Optional Fields
| Field | Type | Description |
|---|---|---|
| email | string | User's email address |
| givenName | string | User's first name |
| familyName | string | User's last name |
| phone | string | User's phone number in E.164 format (e.g., +15551234567). Must be SMS-capable for order notifications. |
| expiresInSeconds | integer | Optional session duration in seconds. |
Addresses
Optionally provide the user's delivery addresses to pre-fill the checkout experience. The first address in the array is treated as the default.
```json
{
  "partnerUserId": "...",
  "addresses": [
    {
      "formattedAddress": "123 Main St, Seattle, WA 98101, USA",
      "googlePlaceId": "ChIJ...",
      "latitude": 47.6062,
      "longitude": -122.3321,
      "unit": "4B",
      "deliveryInstructions": "Leave at front desk"
    }
  ]
}
```
Address Fields
| Field | Type | Required | Description |
|---|---|---|---|
| formattedAddress | string | No | Full human-readable address string |
| googlePlaceId | string | No | Google Maps Place ID (recommended for accuracy) |
| latitude | number | No | Location latitude |
| longitude | number | No | Location longitude |
| unit | string | No | Apartment, suite, unit, etc. |
| deliveryInstructions | string | No | Notes for the driver |
Payment Methods
Optionally provide the user's saved payment methods to enable one-click checkout. Payment methods are displayed in the checkout UI and referenced by paymentToken when placing orders.
Payment methods use Card-on-File interchange—see the Payments Guide for full details on how payment interchange works.
```json
{
  "partnerUserId": "...",
  "addresses": [ ... ],
  "paymentMethods": [
    {
      "token": "pm_abc123",
      "brand": "visa",
      "last4": "4242",
      "expMonth": 12,
      "expYear": 2027
    }
  ]
}
```
Payment Method Fields
| Field | Type | Required | Description |
|---|---|---|---|
| token | string | Yes | Your reference to this payment token/id |
| brand | string | Yes | Card brand: visa, mastercard, amex, discover |
| last4 | string | Yes | Last 4 digits of the card number |
| expMonth | number | Yes | Card expiration month (1-12) |
| expYear | number | Yes | Card expiration year (4-digit) |
Only pass display metadata—never raw card data. The token is your tokenized reference. See Payments for security details.
Using the Session Token
Initialize the Marketfront SDK with the session token returned from session creation. The session token encodes your partner identity, so no separate Partner ID is needed.
Web

```javascript
import { MarketfrontClient } from '@gett/marketfront';

// Your backend creates the session with user data
const { sessionToken } = await yourBackend.createGettSession(user);

const client = new MarketfrontClient({
  sessionToken,
});
client.mount('#marketfront-container');
```

iOS

```swift
import GettMarketfront

// Your backend creates the session with user data
let sessionToken = try await yourBackend.createGettSession(user: user)

let marketfront = MarketfrontView(sessionToken: sessionToken)
```

Android

```kotlin
import com.gett.marketfront.MarketfrontView

// Your backend creates the session with user data
val sessionToken = yourBackend.createGettSession(user)

val marketfront = MarketfrontView(
    context = context,
    sessionToken = sessionToken
)
```
Session Lifecycle
Expiration
Sessions expire after the time specified in expiresAt. Before expiration, create a new session:
```http
POST https://api.gett-tech.com/v1/session/create
```
The new session will inherit any in-progress cart from the previous session for the same partnerUserId.
Invalidation
To explicitly end a session (e.g., when your user logs out):
```http
POST https://api.gett-tech.com/v1/session/invalidate
Authorization: Bearer gett_sess_abc123xyz
```
Security
API Key Protection
Your API key authenticates session creation requests. Never expose it in client-side code.
```javascript
// Never do this in frontend code
const response = await fetch('https://api.gett-tech.com/v1/session/create', {
  headers: { 'Authorization': `Bearer ${API_KEY}` } // Exposed!
});
```

```javascript
// Always call from your backend
const response = await yourBackend.createGettSession(userId);
```
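What the backend side of that call can look like, as an added example (not Gett's or this page's own code): the request body is built from an allowlist, so only the display metadata named under Payment Method Fields leaves your server, and the API key is read from the server environment. The function names, the `GETT_API_KEY` variable, the `fetchImpl` and `sleep` options, and the retry count and delays are assumptions made for illustration.

```javascript
// Added example: hypothetical backend helper, not Gett's own code.
const USER_FIELDS = ['partnerUserId', 'email', 'givenName', 'familyName',
  'phone', 'expiresInSeconds', 'addresses'];
const PM_FIELDS = ['token', 'brand', 'last4', 'expMonth', 'expYear'];
const E164 = /^\+[1-9]\d{1,14}$/;

// Build the body from an allowlist so stray fields on your user record
// (full card numbers, CVV, password hashes) never leave your backend.
function buildSessionPayload(user) {
  if (!user || typeof user.partnerUserId !== 'string' || !user.partnerUserId) {
    throw new Error('partnerUserId is required');
  }
  if (user.phone !== undefined && !E164.test(user.phone)) {
    throw new Error('phone must be in E.164 format');
  }
  const body = {};
  for (const k of USER_FIELDS) if (user[k] !== undefined) body[k] = user[k];
  if (user.paymentMethods) {
    body.paymentMethods = user.paymentMethods.map((pm) => {
      if (!/^\d{4}$/.test(String(pm.last4))) throw new Error('last4 must be 4 digits');
      return Object.fromEntries(PM_FIELDS.map((k) => [k, pm[k]]));
    });
  }
  return body;
}

// Server-side only. The key comes from the environment (assumed variable name);
// fetchImpl and sleep are injectable so the function can be exercised offline.
async function createGettSession(user, opts = {}) {
  const { apiKey = process.env.GETT_API_KEY, fetchImpl = fetch,
    baseUrl = 'https://api-sandbox.gett-tech.com',
    sleep = (ms) => new Promise((r) => setTimeout(r, ms)) } = opts;
  if (!apiKey) throw new Error('GETT_API_KEY is not set');
  const body = JSON.stringify(buildSessionPayload(user));
  for (let attempt = 0; attempt < 4; attempt++) { // retry budget is an assumption
    const res = await fetchImpl(`${baseUrl}/v1/session/create`, {
      method: 'POST',
      headers: { Authorization: `Bearer ${apiKey}`, 'Content-Type': 'application/json' },
      body,
    });
    if (res.status === 429) { await sleep(250 * 2 ** attempt); continue; } // rate_limited
    if (!res.ok) throw new Error(`session create failed: HTTP ${res.status}`);
    const { sessionToken, expiresAt } = await res.json();
    return { sessionToken, expiresAt }; // the only values handed to the client
  }
  throw new Error('session create failed: still rate limited');
}
```

Your own endpoint that wraps `createGettSession` should authenticate the caller and take `partnerUserId` from the server-side login session, not from the request body.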
Session Token Handling
Session tokens are safe for client-side use but should still be handled carefully:
- Tokens are scoped to a single session and user
- Tokens cannot be used to create new sessions
- Tokens expire automatically
Data Privacy
- User data is processed according to Gett's privacy policy
- You are responsible for obtaining appropriate consent from your users
- Gett does not share user data with third parties
Error Handling
Session Creation Errors
| Error Code | HTTP Status | Description | Resolution |
|---|---|---|---|
| invalid_api_key | 401 | API key is invalid or revoked | Verify your API key |
| missing_required_field | 400 | Required field is missing | Include all required user fields: partner_user_id, email, firstName, lastName |
| invalid_email | 400 | Email format is invalid | Provide valid email |
| invalid_phone | 400 | Phone format is invalid | Use E.164 format |
| invalid_address | 400 | Address could not be validated | Verify address fields |
| rate_limited | 429 | Too many requests | Implement backoff |
Session Token Errors
| Error Code | HTTP Status | Description | Resolution |
|---|---|---|---|
| session_expired | 401 | Session token has expired | Create a new session |
| session_invalid | 401 | Session token is malformed or revoked | Create a new session |
| session_not_found | 404 | Session does not exist | Create a new session |
Next Steps
- Payments — Card-on-File setup and payment interchange
- Events — Handle order lifecycle events
- SDK Reference — Complete SDK API documentation