Sessions endpoints

Allocate a browser, look up its status, release it, fetch the replay.

POST /sessions

Allocate a session and return its WebSocket endpoints. For most callers cdpEndpoint is the field you want — it works with any CDP-compatible client (Puppeteer, browser-use, playwright-core's connectOverCDP, etc.).

POST /sessions HTTP/1.1
Host: api.solaribrowser.com
Authorization: Bearer sb_live_…
Content-Type: application/json

{
  "stealth":   true,
  "recording": true,
  "captcha":   true,
  "profileId": "prof_abc123",
  "proxy":     { "country": "us", "session": "warmup-1", "sessionDuration": 10 }
}

Body

Field	Type	Default	Notes
`stealth`	boolean	`false`	Full Chromium with the fingerprint shim.
`recording`	boolean	`false`	Capture rrweb events.
`captcha`	boolean	`false`	Auto-solve captcha widgets. Requires `stealth`.
`profileId`	string	—	Hydrate cookies + localStorage from a saved profile.
`proxy`	string \| object \| `"off"`	—	Managed proxy egress. Requires `stealth`.

Response — 200 OK

{
  "sessionId":   "abc-1234-…",
  "wsEndpoint":  "wss://api.solaribrowser.com/ws/abc-1234-…",
  "cdpEndpoint": "wss://api.solaribrowser.com/cdp/abc-1234-…",
  "expiresAt":   "2026-05-12T18:00:00Z",
  "storageState": {
    "cookies": [ /* ... */ ],
    "origins": [ /* ... */ ]
  },
  "proxy": {
    "server":     "http://…",
    "username":   "…",
    "password":   "***",
    "country":    "us",
    "tier":       "residential",
    "timezoneId": "America/Los_Angeles"
  }
}

wsEndpoint takes a version-matched Playwright wire client; cdpEndpoint takes any CDP-compatible client. Both point at the same browser.

expiresAt is the plan-tier max-session deadline (ISO 8601 UTC) — the server auto-releases at that point regardless of client state. storageState is included only when profileId was passed. proxy is included only when a proxy was requested; tier on it reports which tier actually served the request (useful for confirming a tier: "mobile" ask wasn't downgraded).

GET /sessions/:id

Look up the current status of a session.

GET /sessions/abc-1234-… HTTP/1.1
Host: api.solaribrowser.com
Authorization: Bearer sb_live_…

DELETE /sessions/:id

Release the session. Idempotent.

DELETE /sessions/abc-1234-… HTTP/1.1
Host: api.solaribrowser.com
Authorization: Bearer sb_live_…

Response — 200 OK

{ "released": true }

GET /sessions/:id/replay-url

Presigned URL for the gzipped NDJSON rrweb stream. Available a few seconds after release.

GET /sessions/abc-1234-…/replay-url HTTP/1.1
Host: api.solaribrowser.com
Authorization: Bearer sb_live_…

Response — 200 OK

{
  "url":              "https://…?X-Amz-Signature=…",
  "expiresInSeconds": 900,
  "contentEncoding":  "gzip"
}

The URL is valid for 15 minutes. The body is line-delimited JSON — one rrweb event per line.