Qlik Sense: Call Session API with Postman/PowerShell

Damien_V · Mar 3, 2023 4:04:45 AM

This article explains how the session API works and the workflow.
Postman is used to perform the API call to add the session in Qlik Sense.
In the browser, developer tools or an extension can be used to set the cookie.

Authentication workflow

1. User authenticate to an external session module (This module must be built by the customer)
2. The module adds the session to the Proxy using the session API
3. The module sets the cookie for the end user
4. The end user is recognized as authenticated and can access the hub and apps.

Virtual Proxy settings:

It does not matter which authentication method is set on the virtual proxy as we are creating directly a session when using this method. However, the following information: Session Cookie header name, Authentication module redirect URI and Session Cookie domain are important to remember when you use the Session API.

Add the session:

You will need to have the QlikClient certificate installed for the user performing this API call. More information is available in following articles:
QRS API using Xrfkey header in Postman
Export client certificate and root certificate to make API calls with Postman

In order to add a session to the virtual proxy, you need to provide the following information:
UserDirectory
UserId
Attributes (optional, these are for example groups to which the user belongs to)
Cookie value (In Qlik Sense by default, a 36 characters string such as aa051074-13a1-4f2a-842b-a64aa4d21001 is used, however this can be any value, but it must be long enough and randomized to ensure there is not 2 session cookies with the same value that are added to the virtual proxy)

Example of API call:
https://qlikserver1.domain.local:4243/qps/{virtual proxy prefix}/session?xrfkey=0123456789abcdef

Headers:

X-Qlik-xrfkey	0123456789abcdef
Content-Type	application/json

Body:
{
"UserDirectory": "DOMAIN",
"UserId": "User1",
"Attributes":
[],
"SessionId": "aa051074-13a1-4f2a-842b-a64aa4d21001"
}

Postman:

PowerShell:

$body = '{
  "UserDirectory": "DOMAIN",
  "UserId": "User1",
  "Attributes":
    [],
  "SessionId": "aa051074-13a1-4f2a-842b-a64aa4d21001"
}'
   $hdrs = @{}
   $hdrs.Add("X-Qlik-xrfkey","iX83QmNlvu87yyAB")
   $url = "https://qlikserver1.domain.local:4243/qps/session?xrfkey=iX83QmNlvu87yyAB"
   $cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
   Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType 'application/json' -Headers $hdrs -Certificate $cert

Set the cookie:

In Chrome, an extension such as "EditThisCookie" can be used to test that the session API works.

Open the hub and add a cookie with the following information:

Name: X-Qlik-Session-sessionvp
Value: aa051074-13a1-4f2a-842b-a64aa4d21001
Domain: domain.local
Expiration: 0001-01-01 00:00:00
HttpOnly:True
Secure:True

Save the cookie and refresh the page, make sure the address is https://qlikserver1.domain.local/{virtual proxy prefix}/hub/ when you refresh.

Now you should be logged in as the user requested in the previous API call and able to access the hub/your apps.

lea_ternat · ‎2025-05-21

Hello,
Thank you for these clarifications.
I would like to automate the table export of a qlik view in data format via a powershell script using the REST API.
I can't connect to the API with my powershell script.
Can you give us more details on :
1. external session module: is it possible to retrieve the Cookie generated during the connection via the script?
2. Virtual proxy settings: which elements are mandatory and in what format, with specific examples of fields
3. Where should this X-Qlik-xrfkey field be defined?
Many thanks for your help

Qlik Sense: Call Session API with Postman/PowerShell