Qlik Community

Ask a Question

Knowledge Base

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Live chat with experts, bring your API Integration questions. June 15th, 10 AM ET. REGISTER TODAY

Qlik Sense: Call Session API with Postman/PowerShell


Qlik Sense: Call Session API with Postman/PowerShell

This article explains how the session API works and the workflow.
Postman is used to perform the API call to add the session in Qlik Sense.
In the browser, developer tools or an extension can be used to set the cookie.

Authentication workflow

1. User authenticate to an external session module (This module must be built by the customer)
2. The module adds the session to the Proxy using the session API
3. The module sets the cookie for the end user
4. The end user is recognized as authenticated and can access the hub and apps.

Virtual Proxy settings:

It does not matter which authentication method is set on the virtual proxy as we are creating directly a session when using this method. However, the following information: Session Cookie header name, Authentication module redirect URI and Session Cookie domain are important to remember when you use the Session API. 

User-added image

Add the session:

You will need to have the QlikClient certificate installed for the user performing this API call. More information is available in following articles:
QRS API using Xrfkey header in Postman
Export client certificate and root certificate to make API calls with Postman

In order to add a session to the virtual proxy, you need to provide the following information:
Attributes (optional, these are for example groups to which the user belongs to)
Cookie value (In Qlik Sense by default, a 36 characters string such as aa051074-13a1-4f2a-842b-a64aa4d21001 is used, however this can be any value, but it must be long enough and randomized to ensure there is not 2 session cookies with the same value that are added to the virtual proxy)

Example of API call:
https://qlikserver1.domain.local:4243/qps/{virtual proxy prefix}/session?xrfkey=0123456789abcdef


X-Qlik-xrfkey 0123456789abcdef
Content-Type application/json

  "UserDirectory": "DOMAIN",
  "UserId": "User1",
  "SessionId": "aa051074-13a1-4f2a-842b-a64aa4d21001"


User-added image


$body = '{
  "UserDirectory": "DOMAIN",
  "UserId": "User1",
  "SessionId": "aa051074-13a1-4f2a-842b-a64aa4d21001"
   $hdrs = @{}
   $url = "https://qlikserver1.domain.local:4243/qps/session?xrfkey=iX83QmNlvu87yyAB"
   $cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
   Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs -Certificate $cert


Set the cookie:

In Chrome, an extension such as "EditThisCookie" can be used to test that the session API works.

Open the hub and add a cookie with the following information:

Name: X-Qlik-Session-sessionvp
Value: aa051074-13a1-4f2a-842b-a64aa4d21001
Domain: domain.local
Expiration: 0001-01-01 00:00:00

User-added image

Save the cookie and refresh the page, make sure the address is https://qlikserver1.domain.local/{virtual proxy prefix}/hub/ when you refresh.

Now you should be logged in as the user requested in the previous API call and able to access the hub/your apps.

An .aspx example on how to use Session API is available on Qlik Branch. Please note that this example is provided as is and is not supported by Qlik Support.

Labels (1)
Version history
Revision #:
5 of 5
Last update:
‎2021-02-23 04:26 AM
Updated by: