curl --request POST \
--url https://api.longshot.xyz/v1/auth/session \
--header 'Content-Type: application/json' \
--data '{
"privy_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9..."
}'
{
"session_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"address": "0x742d35cC6634C0532925A3B844Bc9e7595F8B2A1",
"user_id": "8d3f6b4a-a79a-4b4d-8e38-64c2d8f7b9a1",
"expires_at": 1735516400
}
Endpoint
POST https://api.longshot.xyz/v1/auth/session
Content-Type: application/json
Body Parameters
Privy identity token copied from an authenticated Privy web session.
session_token. Use that token as the bearer
credential for RFQ, portfolio, balance, and preference requests. The signed RFQ
order still must be signed by the same embedded Privy wallet address returned
in the session response.
How to Get a Privy JWT
For manual testing, copy the Privy token from an authenticated browser session:
Log in
Open the Longshot web app and log in with Privy.
Open DevTools
Open browser DevTools and go to the Network tab.
Find the session request
Filter for auth/session and click the POST /v1/auth/session request.
Copy the token
Look at Payload or Request Body and copy the privy_token value.
Exchange a Copied Privy Token
curl -sS -X POST "https://api.longshot.xyz/v1/auth/session" \
-H "content-type: application/json" \
--data "{\"privy_token\":\"$PRIVY_TOKEN\"}"
Response Fields
Bearer token for authenticated RFQ, portfolio, balance, and preference routes.
Wallet address extracted from the Privy linked wallet account.
Longshot user identifier for the Privy-backed wallet, encoded as a UUID string.
Session expiry as Unix seconds.
