taikutaiku
User GuidePluginsAPI Reference
Session KV
PUT/v1/sessions/{session_id}/kv/{plugin_id}/{key}

Session-scoped route. Direct session callers first fetch /api/s/{session_id}/auth-challenge, then send X-Taiku-Session-Nonce and X-Taiku-Session-Key. The plugin SDK and host bridge handle this automatically.

Authorization

sessionChallengeHeader sessionViewerProofHeader
X-Taiku-Session-Nonce<token>

One-time session auth challenge returned by /api/s/{session_id}/auth-challenge.

In: header

X-Taiku-Session-Key<token>

Base64-encoded proof of the one-time challenge, derived from the session secret.

In: header

Path Parameters

session_id*string

Current session identifier.

plugin_id*string

Plugin identifier.

key*string

KV entry key.

Header Parameters

X-Taiku-Session-Nonce?string

Fresh one-time challenge/nonce returned by /api/s/{session_id}/auth-challenge. Must match the nonce used to derive the session proof headers.

X-Taiku-Session-Key?string

Base64-encoded proof of the server-provided challenge, derived from the session secret for viewer access.

Request Body

application/json

KV value payload.

TypeScript Definitions

Use the request body type in TypeScript.

value*unknown

Response Body

application/json

text/plain

text/plain

text/plain

curl -X PUT "/api/v1/sessions/string/kv/string/string" \  -H "Content-Type: application/json" \  -d '{    "value": null  }'
{
  "ok": true
}

"missing session auth challenge"

"Session not found."
"string"