SessionManager | SignalWire

SessionManager provides stateless HMAC-SHA256 token generation and validation for SWAIG function call authentication. Tokens encode a call ID, function name, expiry, and nonce, signed with a shared secret. It also supports per-session metadata storage with automatic cleanup.

1 import { SessionManager } from '@signalwire/sdk';
2 
3 const sm = new SessionManager(900); // 15-minute token expiry
4 const token = sm.generateToken('get_weather', 'call-123');
5 const valid = sm.validateToken('call-123', 'get_weather', token);

Constructor

tokenExpirySecs

numberDefaults to 900

Token validity duration in seconds.

secretKey

string

HMAC signing secret. A random 32-byte key is generated if omitted.

Methods

createSession

Return or generate a session identifier.

generateToken

Generate a signed token binding a function to a call ID.

createToolToken

Alias for generateToken.

validateToken

Validate a token against expected call ID and function name.

validateToolToken

Alias for validateToken with reordered parameters.

debugToken

Decode token components without validating the signature.

getSessionMetadata

Retrieve metadata for a session.

setSessionMetadata

Merge metadata into a session.

cleanup

Remove expired session metadata entries.

deleteSessionMetadata

Delete all metadata for a session.

Example

1 import { SessionManager } from '@signalwire/sdk';
2 
3 const sm = new SessionManager();
4 const token = sm.generateToken('get_weather', 'call-abc123');
5 
6 // Later, validate the token
7 const valid = sm.validateToken('call-abc123', 'get_weather', token);
8 console.log('Token valid:', valid); // true