Sessions
Read, set, and tear down per-session mock state — idempotent by design.
On this page
Sessions are the heart of the Public API. Set up a test state before your app runs, read it back, clean up when done.
Query parameters
Most session endpoints need:
| Param | Required | Notes |
|---|---|---|
project | Org-wide keys: yes | Project slug |
environment | Multi-endpoint: yes | Proxy endpoint slug |
PUT also accepts project and environment in the JSON body.
GET /sessions/:sessionKey
Read current session state.
curl "$BASE/sessions/ci-42?project=checkout&environment=staging" \
-H "Authorization: Bearer $KEY"Response (200):
{
"project": "checkout",
"environment": "staging",
"sessionKey": "ci-42",
"label": "CI run 4821",
"scenario": "scn_paymentDeclined",
"overrides": ["ovr_extraMock"],
"globalDelayMs": 0,
"globalDelayMaxMs": 0,
"lastSeenAt": "2026-06-23T12:00:00.000Z"
}404 not_found if the session doesn't exist yet. Use PUT to create it.
PUT /sessions/:sessionKey
Declarative, idempotent set-state. Creates the session if missing. Takes effect on the proxy immediately.
curl -X PUT "$BASE/sessions/ci-42" \
-H "Authorization: Bearer $KEY" \
-H "Content-Type: application/json" \
-d '{
"project": "checkout",
"environment": "staging",
"scenario": "scn_paymentDeclined",
"overrides": ["ovr_extraMock"],
"globalDelayMs": 0,
"globalDelayMaxMs": 0,
"label": "CI run 4821"
}'Body fields
| Field | Type | Notes |
|---|---|---|
project | string? | Max 64 chars |
environment | string? | Max 64 chars |
scenario | string | null? | Scenario id, or null to clear |
overrides | string[]? | Exact desired set of published, non-scenario mocks |
globalDelayMs | int 0–120000 | null? | Fixed delay for all responses |
globalDelayMaxMs | int 0–120000 | null? | Random delay up to this max |
label | string | null? | Human note, max 200 chars |
Omitted fields are left unchanged. When overrides is provided, activations not in the list are removed — including ones set manually in the dashboard.
Returns the same shape as GET.
DELETE /sessions/:sessionKey
curl -X DELETE "$BASE/sessions/ci-42?project=checkout&environment=staging&mode=delete" \
-H "Authorization: Bearer $KEY"| Mode | Behavior |
|---|---|
reset (default) | Clear state, keep the session |
delete | Remove the session entirely |
Response:
{ "ok": true, "mode": "delete" }Invalid mode → 422 invalid_mode.
Product context
Your app must send x-flowmock-session: ci-42 on proxied requests. See QA sessions for the full picture.