feat: documenting sessions (#31)

README.md

@@ -14,7 +14,8 @@ $ yarn
 $ yarn start
 ```
 
-This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
+This command starts a local development server at http://localhost:3000/ and opens up a browser window.
+Most changes are reflected live without having to restart the server.
 
 ### Build
 

docs/api/applications/applications.mdx

@@ -14,7 +14,7 @@ import { Alert, Alerts } from "@site/src/components/shared/Alert";
 
 # Applications
 
-Your ability to authenticate to the Basis Theory API is granted through an API Key associated with an Application.
+Your ability to authenticate to the Basis Theory API is granted through an API Key associated with an Application or Session.
 Each Application type enables different use cases, and you should strive to grant the minimal level of access to each
 Application. Below, we describe each Application Type and how to choose between them.
 
@@ -132,8 +132,7 @@ func main() {
 | `type`                             | true     | _string_ | `null`                    | [Application type](#application-types) of the application                                                                               |
 | `permissions`                      | false    | _array_  | `[]`                      | An array of [Permissions](/docs/api/applications/permissions#permission-types) granted to the application                               |
 | `rules`                            | false    | _array_  | `[]`                      | An array of [Access Rules](#access-rules) granted to the application                                                                    |
-| `expires_at`                       | false    | _string_ | `Current date + 1 minute` | ISO8601 compatible DateTime in which the application will be deleted. Only applies for `Expiring` applications and must be within a day |
-| `can_create_expiring_applications` | false    | _bool_   | `null`                    | Whether this application can provision Expiring applications. Only applies for `Private` applications                                   |
+| `expires_at`                       | false    | _string_ | `null`                    | ISO8601 compatible DateTime in which the application will be deleted                                                                    |
 
 Either `permissions` or `rules` is required to be non-empty when creating an Application.
 
@@ -604,7 +603,6 @@ func main() {
 | `name`                             | true     | _string_ | `null`  | The name of the application. Has a maximum length of `200`                                                          |
 | `permissions`                      | false    | _array_  | `[]`    | A non-empty array of [Permissions](/docs/api/applications/permissions#permission-types) granted to the application. |
 | `rules`                            | false    | _array_  | `[]`    | An array of [Access Rules](#access-rules) granted to the application.                                               |
-| `can_create_expiring_applications` | false    | _bool_   | `null`  | Whether this application can provision `Expiring` applications. Only applies for `Private` applications             |
 
 Either `permissions` or `rules` is required to be non-empty when updating an Application.
 
@@ -852,7 +850,6 @@ Returns [an error](/docs/api/errors) if the application failed to delete.
 | `modified_by`                      | _uuid_   | (Optional) The ID of the user or Application that last modified the Application                       |
 | `modified_at`                      | _date_   | (Optional) Last modified date of the Application in ISO 8601 format                                   |
 | `expires_at`                       | _date_   | (Optional) Expiring date of the Application in ISO 8601 format                                        |
-| `can_create_expiring_applications` | _bool_   | (Optional) Whether this application can provision Expiring applications                               |
 
 ### Application Types
 
@@ -861,7 +858,6 @@ Returns [an error](/docs/api/errors) if the application failed to delete.
 | Private    | `private`    | Used for tokenizing, retrieving, and decrypting data within backend services where the `API key` can be secured   |
 | Public     | `public`     | Used for tokenizing data directly within your mobile or browser application                                       |
 | Management | `management` | Used for managing all aspects of your token infrastructure such as [creating an Application](#create-application) |
-| Expiring   | `expiring`   | Used for revealing sensitive data using elements within your mobile or browser application                        |
 
 ### Access Rules
 
@@ -870,7 +866,7 @@ Returns [an error](/docs/api/errors) if the application failed to delete.
 | `description` | _string_ | A description of this Access Rule                                                                                                                                 |
 | `priority`    | _int_    | The priority of the rule, beginning with `1` and higher values having lower precedence                                                                            |
 | `container`   | _string_ | (Optional) The [container](/docs/concepts/what-are-containers) of Tokens this rule is scoped to                                                                   |
-| `conditions`  | _array_  | (Optional) List of [conditions](#applications-access-rules-access-rule-conditions) to be satisfied for the rule to be used. Only apply to `Expiring` applications |
+| `conditions`  | _array_  | (Optional) List of [conditions](#applications-access-rules-access-rule-conditions) to be satisfied for the rule to be used. Only apply to sessions                |
 | `transform`   | _string_ | The [transform](#applications-access-rules-access-rule-transforms) to apply to accessed Tokens                                                                    |
 | `permissions` | _array_  | List of [permissions](#permissions-permission-types) to grant on this Access Rule                                                                                 |
 
@@ -880,8 +876,8 @@ See [Access Rules](/docs/concepts/access-controls#what-are-access-rules) for mor
   <code>container</code> is only required for <code>public</code> and{" "}
   <code>private</code>
   applications, whilst <code>conditions</code> is only required for <code>
-    expiring
-  </code> ones. They are mutually exclusive.
+    sessions
+  </code>. They are mutually exclusive.
 </Alert>
 
 #### Access Rule Transforms
@@ -898,4 +894,4 @@ See [Access Rules](/docs/concepts/access-controls#what-are-access-rules) for mor
 | ----------- | -------- | ----------------------------------------------------------------------------- |
 | `attribute` | _string_ | The token attribute the condition is evaluated on. Either `id` or `container` |
 | `operator`  | _string_ | The operator used for the evaluation. Either `starts_with` or `equals`        |
-| `value`     | _string_ | The value to evaluate against the token attribute                             |
+| `value`     | _string_ | The value to evaluate against the token attribute                             |

docs/api/applications/permissions.mdx

@@ -139,7 +139,7 @@ could not be retrieved.
 | -------------------------- | ---------------------------------------------------------- | -------------------- |
 | `token:create`             | Create Tokens                                              | `public` `private`   |
 | `token:update`             | Update Tokens                                              | `public` `private`   |
-| `token:read`               | Read Tokens                                                | `private` `expiring` |
+| `token:read`               | Read Tokens                                                | `private`            |
 | `token:search`             | Search Tokens                                              | `private`            |
 | `token:delete`             | Delete Tokens                                              | `private`            |
 | `token:use`                | Use Tokens in Basis Theory Services (e.g. Proxy, Reactors) | `private`            |
@@ -166,4 +166,4 @@ could not be retrieved.
 | `tenant:invitation:read`   | Read Tenant Invitations                                    | `management`         |
 | `tenant:invitation:update` | Update Tenant Invitations                                  | `management`         |
 | `tenant:invitation:delete` | Delete Tenant Invitations                                  | `management`         |
-| `report:read`              | Read reports                                               | `management`         |
+| `report:read`              | Read reports                                               | `management`         |

docs/api/applications/sessions.mdx

@@ -0,0 +1,233 @@
+---
+title: Sessions
+---
+
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+import {
+  HttpMethod,
+  HttpMethods,
+} from "@site/src/components/shared/HttpMethod";
+import { Permission } from "@site/src/components/shared/Permission";
+import { Alert, Alerts } from "@site/src/components/shared/Alert";
+
+# Sessions
+
+## Create Session
+
+Create a new Session for a Public Application.
+
+<HttpMethod
+  method={HttpMethods.POST}
+  endpoint="https://api.basistheory.com/sessions"
+/>
+
+### Request
+
+<Tabs className="bt-tabs" groupId="languages">
+  <TabItem value="shell" label="cURL">
+
+```shell showLineNumbers
+curl "https://api.basistheory.com/sessions" \
+  -H "BT-API-KEY: key_N88mVGsp3sCXkykyN2EFED" \
+  -X "POST"
+```
+
+  </TabItem>
+  <TabItem value="javascript" label="JavaScript">
+
+```javascript showLineNumbers
+import { BasisTheory } from "@basis-theory/basis-theory-js";
+
+const bt = await new BasisTheory().init("key_N88mVGsp3sCXkykyN2EFED");
+
+const session = await bt.sessions.createSession();
+```
+
+  </TabItem>
+  <TabItem value="csharp" label="C#">
+
+```csharp showLineNumbers
+using BasisTheory.net.Sessions;
+
+var client = new SessionClient("key_N88mVGsp3sCXkykyN2EFED");
+
+var session = await client.CreateAsync();
+```
+
+  </TabItem>
+  <TabItem value="python" label="Python">
+
+```python showLineNumbers
+import basistheory
+from basistheory.api import sessions_api
+
+with basistheory.ApiClient(configuration=basistheory.Configuration(api_key="key_N88mVGsp3sCXkykyN2EFED")) as api_client:
+    session_client = sessions_api.SessionsApi(api_client)
+
+    session = session_client.create()
+```
+
+  </TabItem>
+  <TabItem value="go" label="Go">
+
+```go showLineNumbers
+package main
+
+import (
+  "context"
+  "github.com/Basis-Theory/basistheory-go/v3"
+)
+
+func main() {
+  configuration := basistheory.NewConfiguration()
+  apiClient := basistheory.NewAPIClient(configuration)
+  contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
+    "ApiKey": {Key: "key_N88mVGsp3sCXkykyN2EFED"},
+  })
+
+  session, httpResponse, err := apiClient.SessionsApi.Create(contextWithAPIKey).Execute()
+}
+```
+
+  </TabItem>
+</Tabs>
+
+### Response
+
+Returns a [CreateSessionResponse](#create-session-response-object) if the session was created. Returns [an error](/docs/api/errors) if there were validation errors, or the session failed to create.
+
+```json showLineNumbers
+{
+  "session_key": "key_sess_9A8skE7MhJi9HnaSGyTDZY",
+  "nonce": "4J7SiRvfADwJ9ZqwviJJs8",
+  "expires_at": "2023-01-09T20:14:55.2130891+00:00"
+}
+```
+
+<Alert>
+  The <code>session_key</code> should not be shared with any other application. It should only be used by the one creating it.
+  The session will not have any access until it is authorized.
+</Alert>
+
+## Authorize Session
+
+Authorize a created session with permissions or access rules.
+
+<HttpMethod
+  method={HttpMethods.POST}
+  endpoint="https://api.basistheory.com/sessions/authorize"
+/>
+
+### Request
+
+<Tabs className="bt-tabs" groupId="languages">
+  <TabItem value="shell" label="cURL">
+
+```shell showLineNumbers
+curl "https://api.basistheory.com/sessions/authorize" \
+  -H "BT-API-KEY: key_N88mVGsp3sCXkykyN2EFED" \
+  -H "Content-Type: application/json" \
+  -X "POST" \
+  -d '{
+    "nonce": "4J7SiRvfADwJ9ZqwviJJs8",
+    "rules": [ "token:create", "token:read" ]
+  }'
+```
+
+  </TabItem>
+  <TabItem value="javascript" label="JavaScript">
+
+```javascript showLineNumbers
+import { BasisTheory } from "@basis-theory/basis-theory-js";
+
+const bt = await new BasisTheory().init("key_N88mVGsp3sCXkykyN2EFED");
+
+const authorizedSession = await bt.sessions.authorize({
+  nonce: "4J7SiRvfADwJ9ZqwviJJs8",
+  permissions: ["token:create", "token:read"],
+});
+```
+
+  </TabItem>
+  <TabItem value="csharp" label="C#">
+
+```csharp showLineNumbers
+using BasisTheory.net.Sessions;
+
+var client = new SessionClient("key_N88mVGsp3sCXkykyN2EFED");
+
+var authorizedSession = await client.CreateAsync(new AuthorizeSessionRequest {
+  Nonce = "4J7SiRvfADwJ9ZqwviJJs8",
+  Permissions = new List<string> { "token:create", "token:read" }
+});
+```
+
+  </TabItem>
+  <TabItem value="python" label="Python">
+
+```python showLineNumbers
+import basistheory
+from basistheory.api import sessions_api
+from basistheory.model.authorize_session_request import AuthorizeSessionRequest
+
+with basistheory.ApiClient(configuration=basistheory.Configuration(api_key="key_N88mVGsp3sCXkykyN2EFED")) as api_client:
+    session_client = sessions_api.SessionsApi(api_client)
+
+    authorizedSession = session_client.authorize(authorize_session_request=AuthorizeSessionRequest(
+        nonce="4J7SiRvfADwJ9ZqwviJJs8",
+        permissions=[ "token:create", "token:read" ]
+    ))
+```
+
+  </TabItem>
+  <TabItem value="go" label="Go">
+
+```go showLineNumbers
+package main
+
+import (
+  "context"
+  "github.com/Basis-Theory/basistheory-go/v3"
+)
+
+func main() {
+  configuration := basistheory.NewConfiguration()
+  apiClient := basistheory.NewAPIClient(configuration)
+  contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
+    "ApiKey": {Key: "key_N88mVGsp3sCXkykyN2EFED"},
+  })
+
+  authorizeSessionRequest := *basistheory.NewAuthorizeSessionRequest("4J7SiRvfADwJ9ZqwviJJs8")
+  authorizeSessionRequest.SetPermissions([]string{ "token:create", "token:read" })
+
+  authorizedSession, httpResponse, err := apiClient.SessionsApi.Authorize(contextWithAPIKey).AuthorizeSessionRequest(authorizeSessionRequest).Execute()
+}
+```
+
+  </TabItem>
+</Tabs>
+
+#### Request Parameters
+
+| Attribute                          | Required | Type     | Default                   | Description                                                                                                                             |
+| ---------------------------------- | -------- | -------- | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
+| `nonce`                            | true     | _string_ | `null`                    | A one time unique code to authorize the session                                                                                         |
+| `permissions`                      | false    | _array_  | `[]`                      | An array of [Permissions](/docs/api/applications/permissions#permission-types) granted to the application tied to the session           |
+| `rules`                            | false    | _array_  | `[]`                      | An array of [Access Rules](#access-rules) granted to the application tied to the session                                                |
+| `expires_at`                       | false    | _string_ | `null`                    | ISO8601 compatible DateTime in which the session will be deleted. By default it is 3 minutes from the session creation date             |
+
+Either `permissions` or `rules` is required to be non-empty when authorizing a Session.
+
+### Response
+
+Returns no payload. Returns [an error](/docs/api/errors) if there were validation errors, or the session authorization failed.
+
+## Create Session Response Object
+
+| Attribute                          | Type     | Description                                                                                           |
+| ---------------------------------- | -------- | ----------------------------------------------------------------------------------------------------- |
+| `session_key`                      | _string_ | The Session API key which should be used for authenticating against Basis Theory API endpoints        |
+| `nonce`                            | _string_ | A one time unique code to authorize the session                                                       |
+| `expires_at`                       | _date_   | Expiring date of the Session in ISO 8601 format. Defaults to 3 minutes after the creation date        |

docs/concepts/access-controls.mdx

@@ -69,8 +69,6 @@ A short description of the Application describing its intended use, for example
 
 - **Management**: Used with scripts or the [Basis Theory Terraform Provider](https://registry.terraform.io/providers/Basis-Theory/basistheory) to manage your Tenant's settings and services (Applications, Reactors, Proxy, etc) without logging into our Portal.
 
-- **Expiring**: Used for Browser, Mobile, or Desktop applications running natively on a device (e.g. iOS, Android, Windows, etc) where the application is [revealing sensitive data using Basis Theory Elements](/docs/sdks/web/javascript/methods#detokenization). Expiring Applications have limited permissions available and can be scoped to single tokens to ensure the API Key can be safely used within publicly available code.
-
 ### Access Controls
 
 An Application is granted access to your Tenant's resources in one of two ways: by granting the Application a set of
@@ -112,11 +110,7 @@ API Keys should be regarded as highly sensitive, and should be stored a secret w
 
 ### Expires At
 
-ISO8601 compatible DateTime at which the application will be deleted. It only applies for `Expiring` applications.
-
-### Can Create Expiring Applications
-
-Flag that determines whether a `Private` application can provision `Expiring` applications.
+ISO8601 compatible DateTime at which the application will be deleted.
 
 ### Application Templates
 
@@ -179,7 +173,7 @@ if and how Token data will be returned from the API. If no matching rules are fo
 access to the requested resource is denied with a `403 Forbidden` error.
 
 <Alert type={Alerts.WARNING}>
-  Access Rules are currently only supported on Private, Public and Expiring
+  Access Rules are currently only supported on Private and Public
   Application types, and only control access to Token resources. Access Rules
   are not supported on Management Applications at this time.
 </Alert>
@@ -213,7 +207,7 @@ Conditions allow specifying more specific restrictions for the access rule to be
 specific token. For example, having a condition with attribute `ID`, operator `EQUALS` and value `<tokenId>`, will
 allow the application to only access the token with the given `<tokenId>` ID.
 
-Conditions are mutually exclusive with Container and are currently only available for Expiring applications.
+Conditions are mutually exclusive with Container and are currently only available for Sessions.
 
 ### Permissions