Skip to main content
POST
/
customers
/
sessions
Create Customer Session
curl --request POST \
  --url https://api-sandbox.y.uno/v1/customers/sessions \
  --header 'Content-Type: application/json' \
  --header 'private-secret-key: <api-key>' \
  --header 'public-api-key: <api-key>' \
  --data '
{
  "account_id": "8beac4de-5f6f-11ed-9b6a-0242ac120002",
  "customer_id": "ae106483-65ee-463b-8782-9794022b3112",
  "country": "US",
  "callback_url": "https://www.google.com/?customerSession=7dd71f21-9e4c-439a-9c6d-58f240bd28df",
  "created_at": "2025-05-07T20:00:18.721786Z"
}
'
import requests

url = "https://api-sandbox.y.uno/v1/customers/sessions"

payload = {
"account_id": "8beac4de-5f6f-11ed-9b6a-0242ac120002",
"customer_id": "ae106483-65ee-463b-8782-9794022b3112",
"country": "US",
"callback_url": "https://www.google.com/?customerSession=7dd71f21-9e4c-439a-9c6d-58f240bd28df",
"created_at": "2025-05-07T20:00:18.721786Z"
}
headers = {
"public-api-key": "<api-key>",
"private-secret-key": "<api-key>",
"Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {
'public-api-key': '<api-key>',
'private-secret-key': '<api-key>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
account_id: '8beac4de-5f6f-11ed-9b6a-0242ac120002',
customer_id: 'ae106483-65ee-463b-8782-9794022b3112',
country: 'US',
callback_url: 'https://www.google.com/?customerSession=7dd71f21-9e4c-439a-9c6d-58f240bd28df',
created_at: '2025-05-07T20:00:18.721786Z'
})
};

fetch('https://api-sandbox.y.uno/v1/customers/sessions', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api-sandbox.y.uno/v1/customers/sessions",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'account_id' => '8beac4de-5f6f-11ed-9b6a-0242ac120002',
'customer_id' => 'ae106483-65ee-463b-8782-9794022b3112',
'country' => 'US',
'callback_url' => 'https://www.google.com/?customerSession=7dd71f21-9e4c-439a-9c6d-58f240bd28df',
'created_at' => '2025-05-07T20:00:18.721786Z'
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"private-secret-key: <api-key>",
"public-api-key: <api-key>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"strings"
"net/http"
"io"
)

func main() {

url := "https://api-sandbox.y.uno/v1/customers/sessions"

payload := strings.NewReader("{\n \"account_id\": \"8beac4de-5f6f-11ed-9b6a-0242ac120002\",\n \"customer_id\": \"ae106483-65ee-463b-8782-9794022b3112\",\n \"country\": \"US\",\n \"callback_url\": \"https://www.google.com/?customerSession=7dd71f21-9e4c-439a-9c6d-58f240bd28df\",\n \"created_at\": \"2025-05-07T20:00:18.721786Z\"\n}")

req, _ := http.NewRequest("POST", url, payload)

req.Header.Add("public-api-key", "<api-key>")
req.Header.Add("private-secret-key", "<api-key>")
req.Header.Add("Content-Type", "application/json")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://api-sandbox.y.uno/v1/customers/sessions")
.header("public-api-key", "<api-key>")
.header("private-secret-key", "<api-key>")
.header("Content-Type", "application/json")
.body("{\n \"account_id\": \"8beac4de-5f6f-11ed-9b6a-0242ac120002\",\n \"customer_id\": \"ae106483-65ee-463b-8782-9794022b3112\",\n \"country\": \"US\",\n \"callback_url\": \"https://www.google.com/?customerSession=7dd71f21-9e4c-439a-9c6d-58f240bd28df\",\n \"created_at\": \"2025-05-07T20:00:18.721786Z\"\n}")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api-sandbox.y.uno/v1/customers/sessions")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["public-api-key"] = '<api-key>'
request["private-secret-key"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"account_id\": \"8beac4de-5f6f-11ed-9b6a-0242ac120002\",\n \"customer_id\": \"ae106483-65ee-463b-8782-9794022b3112\",\n \"country\": \"US\",\n \"callback_url\": \"https://www.google.com/?customerSession=7dd71f21-9e4c-439a-9c6d-58f240bd28df\",\n \"created_at\": \"2025-05-07T20:00:18.721786Z\"\n}"

response = http.request(request)
puts response.read_body
{
  "customer_session": "7dd71f21-9e4c-439a-9c6d-58f240bd28df",
  "customer_id": "ae106483-65ee-463b-8782-9794022b3112",
  "country": "US",
  "callback_url": "https://www.google.com/?customerSession=7dd71f21-9e4c-439a-9c6d-58f240bd28df",
  "created_at": "2025-05-07T20:00:18.721786Z"
}
Creates a customer session for enrolling and managing payment methods. Use this to save cards, wallets, and other payment methods for future use. Requires a customer_id from Create Customer .

Authorizations

public-api-key
string
header
default:<Your public-api-key>
required
private-secret-key
string
header
default:<Your private-secret-key>
required

Body

application/json
account_id
string
required

The unique identifier of the account. You find this information on the Yuno dashboard (UUID, 36 chars).

country
enum<string>
required

The customer's country (MAX 2; MIN 2; ISO 3166-1).

Available options:
AR,
BO,
BR,
CL,
CO,
CR,
EC,
SV,
GT,
HN,
MX,
NI,
PA,
PY,
PE,
US,
UY
customer_id
string
required

The unique identifier of the customer, created using the Create Customer endpoint (UUID, 36 chars).

callback_url
string

The url to redirect your customer after the enrollment is made in the provider's environment (MAX 526; MIN 3).

Response

201

customer_session
string
Example:

"7dd71f21-9e4c-439a-9c6d-58f240bd28df"

customer_id
string
Example:

"ae106483-65ee-463b-8782-9794022b3112"

country
string
Example:

"US"

callback_url
string
Example:

"https://www.google.com/?customerSession=7dd71f21-9e4c-439a-9c6d-58f240bd28df"

created_at
string
Example:

"2025-05-07T20:00:18.721786Z"