Stytch · Schema
api_b2b_session_v1_ExchangeResponse
AuthenticationIdentityPasswordlessSecurityB2BConnected AppsMCPAI AgentsDeveloper Tools
Properties
| Name | Type | Description |
|---|---|---|
| request_id | string | Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug |
| member_id | string | Globally unique UUID that identifies a specific Member. |
| session_token | string | A secret token for a given Stytch Session. |
| session_jwt | string | The JSON Web Token (JWT) for a given Stytch Session. |
| member | object | The [Member object](https://stytch.com/docs/b2b/api/member-object) |
| organization | object | The [Organization object](https://stytch.com/docs/b2b/api/organization-object). |
| member_authenticated | boolean | Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization. |
| intermediate_session_token | string | The returned Intermediate Session Token contains any Email Magic Link or OAuth factors from the original member session that are valid for the target Organization. If this value is non-empty, the memb |
| status_code | integer | The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server |
| member_session | object | The [Session object](https://stytch.com/docs/b2b/api/session-object). |
| mfa_required | object | Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA. |
| primary_required | object | Information about the primary authentication requirements of the Organization. |
| member_device | object | If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `member_device` response field will con |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/api_b2b_session_v1_ExchangeResponse",
"title": "api_b2b_session_v1_ExchangeResponse",
"type": "object",
"properties": {
"request_id": {
"type": "string",
"description": "Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue."
},
"member_id": {
"type": "string",
"description": "Globally unique UUID that identifies a specific Member."
},
"session_token": {
"type": "string",
"description": "A secret token for a given Stytch Session."
},
"session_jwt": {
"type": "string",
"description": "The JSON Web Token (JWT) for a given Stytch Session."
},
"member": {
"$ref": "#/components/schemas/api_organization_v1_Member",
"description": "The [Member object](https://stytch.com/docs/b2b/api/member-object)"
},
"organization": {
"$ref": "#/components/schemas/api_organization_v1_Organization",
"description": "The [Organization object](https://stytch.com/docs/b2b/api/organization-object)."
},
"member_authenticated": {
"type": "boolean",
"description": "Indicates whether the Member is fully authenticated. If false, the Member needs to complete an MFA step to log in to the Organization."
},
"intermediate_session_token": {
"type": "string",
"description": "The returned Intermediate Session Token contains any Email Magic Link or OAuth factors from the original member session that are valid for the target Organization. If this value is non-empty, the member must complete an MFA step to finish logging in to the Organization. The token can be used with the [OTP SMS Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-otp-sms), [TOTP Authenticate endpoint](https://stytch.com/docs/b2b/api/authenticate-totp), or [Recovery Codes Recover endpoint](https://stytch.com/docs/b2b/api/recovery-codes-recover) to complete an MFA flow and log in to the Organization. The token has a default expiry of 10 minutes. It can also be used with the [Exchange Intermediate Session endpoint](https://stytch.com/docs/b2b/api/exchange-intermediate-session) to join a specific Organization that allows the factors represented by the intermediate session token; or the [Create Organization via Discovery endpoint](https://stytch.com/docs/b2b/api/create-organization-via-discovery) to create a new Organization and Member. Intermediate Session Tokens have a default expiry of 10 minutes."
},
"status_code": {
"type": "integer",
"format": "int32",
"description": "The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors."
},
"member_session": {
"$ref": "#/components/schemas/api_b2b_session_v1_MemberSession",
"description": "The [Session object](https://stytch.com/docs/b2b/api/session-object)."
},
"mfa_required": {
"$ref": "#/components/schemas/api_b2b_mfa_v1_MfaRequired",
"description": "Information about the MFA requirements of the Organization and the Member's options for fulfilling MFA."
},
"primary_required": {
"$ref": "#/components/schemas/api_b2b_session_v1_PrimaryRequired",
"description": "Information about the primary authentication requirements of the Organization."
},
"member_device": {
"$ref": "#/components/schemas/api_device_history_v1_DeviceInfo",
"description": "If a valid `telemetry_id` was passed in the request and the [Fingerprint Lookup API](https://stytch.com/docs/fraud/api/fingerprint-lookup) returned results, the `member_device` response field will contain information about the member's device attributes."
}
},
"required": [
"request_id",
"member_id",
"session_token",
"session_jwt",
"member",
"organization",
"member_authenticated",
"intermediate_session_token",
"status_code"
]
}