This section describes how to interact with currently authorised identity
"Sessions" here don't mean the same thing as with web apps since the API is stateless. In this context, it simply refers the the authorised identity making the current API call; usually, depending on the authorization level, it will have information about:
- The customer profile
- The user profile
These two (2) pieces of information are what constitute an authorised session.
Personal Access Tokens
PATs also create an authorised session as they carry the customer & user information as a part of their context.