Get session config (for the component)

GET

/v1/hosted-sessions/{sessionId}

const url = 'https://api.govifi.com/v1/hosted-sessions/example';
const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request GET \
  --url https://api.govifi.com/v1/hosted-sessions/example \
  --header 'Authorization: Bearer <token>'

Authorizations

sessionCredential

Parameters

Path Parameters

sessionId

required

string

/^cs_[A-Za-z0-9]+$/

Responses

200

Sanitized config

application/json

Sanitized config returned to the component (session-credential safe)

object

session_id

string

status

string

Allowed values: active completed expired

scope

Capability scope of the credential reading this session.

string

Allowed values: payment wallet

amount

integer

currency

string

description

string

line_items

Array<object>

object

description

required

string

amount

required

Cents

integer

quantity

integer

default: 1

metadata

object

customer_email

string

layout

string

Allowed values: hosted embedded

allowed_methods

Array<string>

setup_future_usage

string

Allowed values: off on_session off_session

branding

object

logo_url

string format: uri

accent_color

string

/^#[0-9A-Fa-f]{6}$/

merchant_display_name

string

required_avs_fields

Array<string>

saved_methods

Hydrated only when customer_id is set. Sanitized — no full PAN.

Array<object>

object

string

type

string

Allowed values: card ach

brand

Visa | mastercard | amex | discover (cards only)

string

last4

string

exp_month

integer

exp_year

integer

holder_name

string

bank_name

ACH only

string

account_type

string

Allowed values: checking savings

is_default

boolean

expires_at

string format: date-time

merchant_display_name

string

page_message

HTML allowed

string

challenge

Server-decided fraud challenge the payer must satisfy before confirm (RFC rfc-fraud-challenges.md). Null = no challenge required. Browser-safe — site_key is public and delivery_hint is masked; contains no PII.

object

type

string

Allowed values: hcaptcha turnstile sms email

site_key

Public key for hcaptcha/turnstile.

string

delivery_hint

Masked destination for sms/email, e.g. --1234.

string

code_sent

Sms/email: whether a verification code has already been dispatched.

boolean

Example

{
  "status": "active",
  "scope": "payment",
  "line_items": [
    {
      "quantity": 1
    }
  ],
  "layout": "hosted",
  "setup_future_usage": "off",
  "saved_methods": [
    {
      "type": "card",
      "account_type": "checking"
    }
  ],
  "challenge": {
    "type": "hcaptcha"
  }
}

404

Session not found

application/json

object

code

required

string

Allowed values: card_declined expired_card incorrect_cvc insufficient_funds processing_error network_error session_expired validation_error origin_not_allowed rate_limited challenge_required challenge_failed duplicate_payment already_confirmed insufficient_scope

message

required

string

recoverable

boolean

request_id

string

Example

{
  "code": "card_declined"
}

410

Session expired or already completed

application/json

object

code

required

string

message

required

string

recoverable

boolean

request_id

string

Example

{
  "code": "card_declined"
}