> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lite.sa/llms.txt
> Use this file to discover all available pages before exploring further.

# Check session validity

> Checks whether a checkout session is still valid (not expired, cancelled,
or completed).




## OpenAPI

````yaml /openapi/payment-acceptance.json get /checkout/sessions/{session_id}/validity
openapi: 3.1.0
info:
  title: lite - Payment Acceptance
  version: 1.0.0
servers:
  - url: https://api.lite.sa/v1
    description: Production
security:
  - ApiKeyAuth: []
  - BearerAuth: []
tags:
  - name: 3DS Authentication
    description: Standalone payer authentication via the 3DS standard
  - name: Hosted Checkout
    description: Create, manage and deploy hosted checkout pages
  - name: Server-to-Server Payments
    description: Direct payment API for server-side integrations
paths:
  /checkout/sessions/{session_id}/validity:
    get:
      tags:
        - Hosted Checkout
      summary: Check session validity
      description: >
        Checks whether a checkout session is still valid (not expired,
        cancelled,

        or completed).
      operationId: lite.checkout.checkValidity
      parameters:
        - $ref: '#/components/parameters/session_id'
        - $ref: '#/components/parameters/x-correlation-id'
      responses:
        '200':
          $ref: '#/components/responses/SessionValidity'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  parameters:
    session_id:
      name: session_id
      in: path
      required: true
      description: Unique identifier of the checkout session
      schema:
        type: string
        example: ses_a1b2c3d4e5f6
    x-correlation-id:
      name: x-correlation-id
      in: header
      required: false
      description: >-
        Unique identifier for request tracing. Generated by the client or server
        if not provided.
      schema:
        type: string
        format: uuid
        example: 550e8400-e29b-41d4-a716-446655440000
  responses:
    SessionValidity:
      description: Checkout session validity status.
      content:
        application/json:
          schema:
            type: object
            required:
              - valid
              - session_id
              - status
              - expires_on
              - order_id
              - amount
              - currency
            properties:
              valid:
                type: boolean
                description: Whether the session is still valid
                example: true
              session_id:
                type: string
                description: Session ID
                example: ses_a1b2c3d4e5f6
              status:
                type: string
                description: Session status
                example: Pending
                oneOf:
                  - title: Pending
                    const: Pending
                    description: Session is active and awaiting payment
                  - title: Completed
                    const: Completed
                    description: Session has been completed
                  - title: Expired
                    const: Expired
                    description: Session has expired
                  - title: Cancelled
                    const: Cancelled
                    description: Session was explicitly cancelled
              expires_on:
                type: string
                format: date-time
                description: Session expiry timestamp
                example: '2026-05-18T12:00:00.000Z'
              order_id:
                type: string
                description: Order reference
                example: ORD-123456
              amount:
                type: integer
                description: Session amount in minor units
                example: 10000
              currency:
                type: string
                description: Currency code (ISO 4217)
                example: SAR
    Unauthorized:
      description: |
        Authentication failed — missing or invalid token.

        Returned when:
        - The JWT bearer token is missing, expired, or has an invalid signature
        - The API key is missing or invalid
        - The authenticated session token is invalid
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Forbidden:
      description: >
        Request blocked by security policy.


        Returned when:

        - A security threat is detected (SQL injection, XSS, NoSQL injection,
        LDAP injection, path traversal)

        - Header injection or suspicious headers are detected

        - The request payload exceeds the maximum allowed size

        - Geo-region validation fails (user country does not match client
        region)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFound:
      description: |
        The requested resource was not found.

        Returned when:
        - The specified resource ID does not exist
        - The path does not match any known endpoint
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: >
        An unexpected error occurred on the server.


        Returned when an unhandled exception or infrastructure failure prevents
        the request from being processed. Retry the request with exponential
        backoff.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  schemas:
    ErrorResponse:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
            - timestamp
          properties:
            code:
              type: string
              description: Error code identifying the type of error
              example: PAYMENT_DETAILS_MISMATCH
            message:
              type: string
              description: Human-readable error description
              example: The request was invalid or malformed
            details:
              type: object
              description: Additional error details
            correlationId:
              type: string
              format: uuid
              description: Correlation ID for tracking the request
              example: 550e8400-e29b-41d4-a716-446655440000
            timestamp:
              type: string
              format: date-time
              description: Timestamp when the error occurred
              example: '2024-12-16T10:30:00.000Z'
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key
      description: API key for service-to-service or merchant authentication.
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT Bearer token obtained from user authentication. Passed as
        Authorization: Bearer <token>.

````