GET
/v1/sessions/{session_id}/pluginsSession-scoped route. Direct session callers first fetch /api/s/{session_id}/auth-challenge, then send X-Taiku-Session-Nonce and X-Taiku-Session-Key. The plugin SDK and host bridge handle this automatically.
Authorization
sessionChallengeHeader sessionViewerProofHeader X-Taiku-Session-Nonce<token>
One-time session auth challenge returned by /api/s/{session_id}/auth-challenge.
In: header
X-Taiku-Session-Key<token>
Base64-encoded proof of the one-time challenge, derived from the session secret.
In: header
Path Parameters
session_id*string
Current session identifier.
Header Parameters
X-Taiku-Session-Nonce?string
Fresh one-time challenge/nonce returned by /api/s/{session_id}/auth-challenge. Must match the nonce used to derive the session proof headers.
X-Taiku-Session-Key?string
Base64-encoded proof of the server-provided challenge, derived from the session secret for viewer access.
Response Body
application/json
text/plain
text/plain
curl -X GET "/api/v1/sessions/string/plugins"{
"taiku.agent-monitor": {
"manifest_url": "/plugins/taiku.agent-monitor/manifest.json",
"enabled": true
},
"taiku.file-browser": {
"manifest_url": "/plugins/taiku.file-browser/manifest.json",
"enabled": false
}
}"missing session auth challenge""Session not found."