Sessions

From API Documentation

This page addresses questions about sessions.

Contents 1 Do we need to create the Zuora session per user, per request, or do we need to share it across users? 2 What is the session timeout value? 3 Does the Zuora API provide a method for validating a session (whether the session exists or it has timed out) so that we can create a new session before calling subscribe? 4 Why are we intermittently getting an INVALID_SESSION error while invoking the API?

Do we need to create the Zuora session per user, per request, or do we need to share it across users?

The session maps to a particular user, and all data created has the “Created By” information as that user. Therefore, it is a best practice to use one session per user.

What is the session timeout value?

The default timeout value is 15 minutes.  However, this can be configured in the Zuora application, under "Administrative Settings"-->"Security Policies".  There the session timeout can be changed from as low as 15 minutes to as long as 8 hours.

Does the Zuora API provide a method for validating a session (whether the session exists or it has timed out) so that we can create a new session before calling subscribe?

There is currently no way to verify a valid session. If a session is invalid, the system will return an INVALID_SESSION error, which means that you need to log in again. The recommended approach is to keep a timer and when it passes the configured threshold minus a margin (e.g. if the threshold is 15 minutes, then the timer should expire in 10 minutes), to login again and get a fresh session.

Why are we intermittently getting an INVALID_SESSION error while invoking the API?

This could be because the user's session has reached the configured threshold. The code should retry again with the credentials to get a valid session.