Skip to main content
POST
/
v1
/
omni
/
sessions
Mint an ephemeral Omni session token
curl --request POST \
  --url https://api.pyai.com/v1/omni/sessions \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "allowed_origins": [
    "https://acme.com"
  ],
  "ttl_seconds": 60,
  "session_label": "<string>"
}
'
{
  "object": "omni.session",
  "token": "pyai_live_sess_a1B2…",
  "expires_at": 123,
  "url": "wss://api.pyai.com/v1/omni?format=pcm16&rate=24000",
  "session_label": "<string>"
}

Authorizations

Authorization
string
header
required

Use Authorization: Bearer pyai_live_... (or pyai_test_...).

Body

application/json
allowed_origins
string<uri>[]
required

Browser origins (scheme://host[:port]) the token may connect from. Required and non-empty — a browser token must be origin-locked. * is not allowed.

Minimum array length: 1
Example:
["https://acme.com"]
ttl_seconds
integer
default:60

Token lifetime in seconds. Keep it short; a leaked token is worth seconds, not minutes.

Required range: 1 <= x <= 600
session_label
string

Optional opaque tag echoed back to your kb_endpoint and recorded on the call.

Response

Minted session token

object
string
Example:

"omni.session"

token
string

The ephemeral session token. Use as the WebSocket subprotocol pyai-key.<token>. Short-lived and origin-locked; safe to hand to the browser.

Example:

"pyai_live_sess_a1B2…"

expires_at
integer

Token expiry, Unix epoch milliseconds.

url
string

The Omni realtime WebSocket URL to connect to.

Example:

"wss://api.pyai.com/v1/omni?format=pcm16&rate=24000"

session_label
string | null

Echoed back when supplied on the request.