Skip to content

Validating Session Tokens with the REST API

Several customers have asked for a way to validate a stored session token or return the User object for an authenticated request. There is now a way to do this with our REST API. Send a GET request to /1/users/me with a session token in the header:

curl -X GET 
-H "X-Parse-Application-Id: application-id-here" 
-H "X-Parse-REST-API-Key: rest-api-key-here" 
-H "X-Parse-Session-Token: session-token-here"

The response will be a JSON object, containing either a User object as shown in the REST API guide for logging in users or an error object with a code of 101 and an error value of "invalid session".

Successful response:

  "username": "cooldude6",
  "phone": "415-392-0202",
  "createdAt": "2011-11-07T20:58:34.448Z",
  "updatedAt": "2011-11-07T20:58:34.448Z",
  "objectId": "g7y9tkhB7O"

Invalid response:

  "code": 101,
  "error": "invalid session"

This can now be found in the REST API Guide in a new section, Validating Session Tokens.

We hope this is useful for the subset of customers who rely on our REST API, and ask everyone else to stay tuned for new features that will build upon this.