> ## Documentation Index
> Fetch the complete documentation index at: https://developer.sandbox.co.in/llms.txt
> Use this file to discover all available pages before exploring further.

# Initiate Session

> The Initiate Session API returns a EntityLocker link that the user is redirected to, where they can provide consent for the requested documents.

<Card title="Run in Postman" icon="https://mintcdn.com/sandboxfinancialtechnologiesprivatelimited/gviqebbpT5NUt_6i/static/svg/Postman.svg?fit=max&auto=format&n=gviqebbpT5NUt_6i&q=85&s=da47f2b7e10d87befec951aed9468de3" horizontal arrow="true" href="https://www.postman.com/in-co-sandbox/sandbox-api/request/wc2zc29/initiate-session" width="2030" height="2031" data-path="static/svg/Postman.svg" />


## OpenAPI

````yaml api-reference/kyc/openapi.json POST /kyc/entitylocker/sessions/init
openapi: 3.1.0
info:
  title: in-co-sandbox-kyc
  description: ''
  version: 1.0.0
servers:
  - url: https://test-api.sandbox.co.in
    description: test
  - url: https://api.sandbox.co.in
    description: prod
security: []
tags:
  - name: kyc
  - name: digilocker-sdk
  - name: digilocker
  - name: aadhaar
  - name: bank
  - name: pan
  - name: mca
  - name: entitylocker
  - name: entitylocker-sdk
paths:
  /kyc/entitylocker/sessions/init:
    post:
      tags:
        - kyc
        - entitylocker
      summary: Initiate session
      operationId: initiateSession
      parameters:
        - name: Authorization
          in: header
          description: >-
            JWT access token. For token-generation steps, refer to the
            [Quickstart
            Guide](https://developer.sandbox.co.in/guides/get-started/quickstart).
          required: true
          example: '{{access_token}}'
          schema:
            type: string
        - name: x-api-key
          in: header
          description: API key used to identify and authenticate the client.
          required: true
          example: '{{api_key}}'
          schema:
            type: string
        - name: x-api-version
          in: header
          description: Specifies the API version for the request.
          required: false
          example: 1.0.0
          schema:
            type: string
        - name: Content-Type
          in: header
          description: Media type of the request body.
          required: false
          example: application/json
          schema:
            type: string
            enum:
              - application/json
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                '@entity':
                  type: string
                  enum:
                    - in.co.sandbox.kyc.entitylocker.session.request
                flow:
                  type: string
                  enum:
                    - signin
                    - signup
                  description: >-
                    EntityLocker user journey to initiate for this session. Use
                    `signin` for existing users or `signup` to create a new
                    EntityLocker account.
                redirect_url:
                  type: string
                  format: uri
                  pattern: ^https://
                  description: >-
                    HTTPS URL where the user will be redirected after completing
                    the EntityLocker consent flow.
                consent_expiry:
                  type: integer
                  minimum: 0
                  description: >-
                    Unix timestamp in milliseconds after which the consent
                    request becomes invalid. Must be at least 1 hour later than
                    the current server time.
              required:
                - '@entity'
                - flow
                - redirect_url
            examples:
              200 - Session initiated:
                value:
                  '@entity': in.co.sandbox.kyc.entitylocker.session.request
                  flow: signin
                  redirect_url: https://sandbox.co.in/
                  consent_expiry: 1765887697411
                summary: 200 - Session initiated
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: integer
                    description: HTTP status code.
                  timestamp:
                    type: integer
                    description: >-
                      Unix timestamp (in milliseconds) indicating when the
                      server generated the response.
                  data:
                    type: object
                    description: >-
                      Response payload containing the requested data or error
                      details.
                    properties:
                      '@entity':
                        type: string
                      authorization_url:
                        type: string
                        description: >-
                          The URL to which the user should be redirected to
                          complete the authorization flow. This URL initiates
                          the user authentication and consent process.
                      session_id:
                        type: string
                        description: >-
                          A unique identifier for the user session. This ID is
                          used to track and manage the state of the user's
                          consent.
                    required:
                      - '@entity'
                      - authorization_url
                      - session_id
                  transaction_id:
                    type: string
                    description: Unique identifier for tracking the request across systems.
                required:
                  - code
                  - timestamp
                  - data
                  - transaction_id
              examples:
                200 - Session initiated:
                  summary: 200 - Session initiated
                  value:
                    code: 200
                    timestamp: 1765534184274
                    data:
                      '@entity': in.co.sandbox.kyc.entitylocker.session.response
                      authorization_url: >-
                        https://entity.digilocker.gov.in/public/oauth2/1/authorize?response_type=code&client_id=VRF23C1E3B&redirect_uri=https%3A%2F%2Fdev-api.sandbox.co.in%2Fcallbacks%2Fkyc%2Fentitylocker%2Foauth&state=ZDgyMDM0NzItMTFiMC00ZGRhLWFlOWItY2U0YzI0OTRmMWRkfGQzZjg4OTdlLWYxZmYtNDQ0OS05NzA0LTcwNzNmNjkzMDI5NnxodHRwczovL3NhbmRib3guY28uaW4v&code_challenge=yxAtiqiBw2FrXmavMHn7bVnq7nW-sWRNI50JTMuYtAE&code_challenge_method=S256&consent_valid_till=1767205777
                      session_id: d3f8897e-f1ff-4449-9704-7073f6930296
                    transaction_id: 02683ff9-2abc-42ab-a050-945f21068bce
          headers: {}
      deprecated: false
      security: []

````