> ## Documentation Index
> Fetch the complete documentation index at: https://developer.hellgate.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Create session

> Create an account-check session and receive a session ID.

Hand the session ID to your frontend and initialize the Web SDK with it; the SDK redirects
the shopper to their bank to complete the check.

The service is selected by the request path — there is no `type` field.



## OpenAPI

````yaml /platform/services/account-information/openapi.yaml post /api/services/account-information
openapi: 3.1.0
info:
  title: Account Information API
  description: >-
    Verify a shopper's bank account — ownership, holder name, and account
    identifiers — through the Hellgate Cloud Platform Account Information
    Service. Create a session, drive the shopper through the bank login with the
    Web SDK, and receive the verified record on your backend.
  version: '1.0'
  contact:
    name: Starfish GmbH & Co. KG
    email: hello@starfish.team
    url: https://hellgate.io
  license:
    name: Hellgate API Terms
    url: https://hellgate.io/terms-and-conditions
servers:
  - url: https://api.eu1.hellgate.cloud
    description: EU1 environment
security:
  - bearerAuth: []
tags:
  - name: Account Information
    description: Create account-check sessions and retrieve the verified record.
  - name: Webhooks
    description: Register an endpoint and receive account-check event notifications.
paths:
  /api/services/account-information:
    post:
      tags:
        - Account Information
      summary: Create session
      description: >-
        Create an account-check session and receive a session ID.


        Hand the session ID to your frontend and initialize the Web SDK with it;
        the SDK redirects

        the shopper to their bank to complete the check.


        The service is selected by the request path — there is no `type` field.
      operationId: createAccountInformationSession
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateSessionRequest'
      responses:
        '201':
          description: The session was created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Session'
        '401':
          description: The access token is missing or invalid.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '403':
          description: The tenant is not enabled for the Account Information Service.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '422':
          description: The request body failed validation.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
components:
  schemas:
    CreateSessionRequest:
      type: object
      required:
        - market
        - redirect_urls
      properties:
        market:
          type: string
          description: >-
            ISO 3166-1 alpha-2 country code of the market the shopper banks in.
            Determines bank coverage for the check.
          example: DE
        redirect_urls:
          type: object
          description: Where the shopper's browser lands after the bank step.
          required:
            - success
            - failure
          properties:
            success:
              type: string
              format: uri
              description: >-
                HTTPS URL the shopper returns to on success. Validated against
                your allowed origins.
              example: https://shop.example/verify/success
            failure:
              type: string
              format: uri
              description: >-
                HTTPS URL the shopper returns to on failure. Validated against
                your allowed origins.
              example: https://shop.example/verify/failure
        account_identifier:
          type: object
          description: >-
            Optional. If you already know the shopper's account, supply it to
            pre-bind the bank and let the shopper skip ahead. Keyed by
            identifier type. Treated as personal data under the same retention
            controls as the rest of the attempt.
          properties:
            iban:
              type: string
              description: The shopper's IBAN.
              example: DE89370400440532013000
      example:
        market: DE
        redirect_urls:
          success: https://shop.example/verify/success
          failure: https://shop.example/verify/failure
        account_identifier:
          iban: DE89370400440532013000
    Session:
      type: object
      required:
        - id
      properties:
        id:
          type: string
          format: uuid
          description: >-
            The session ID — a short-lived, client-shareable secret. Initialize
            the Web SDK with it.
          example: 3f7c1e9a-2b4d-4c6e-8a1f-9d0b2c3e4f56
      example:
        id: 3f7c1e9a-2b4d-4c6e-8a1f-9d0b2c3e4f56
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: A machine-readable error code.
          example: tenant_not_enabled
        message:
          type: string
          description: A human-readable description of the error.
          example: The Account Information Service is not enabled for this tenant.
      example:
        code: tenant_not_enabled
        message: The Account Information Service is not enabled for this tenant.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        An Account Information–scoped OAuth2 access token obtained from the
        platform Authentication API. Send it as a bearer token on every request.

````