> ## Documentation Index > Fetch the complete documentation index at: https://docs.responsibleailabs.ai/llms.txt > Use this file to discover all available pages before exploring further. # DPDP: Session > Create or retrieve DPDP compliance sessions. Track consent state, child flags, events, fulfilled obligations, and active timers across a user journey. **Overview:** [India DPDP](/api-reference/dpdp-overview) | **Concept:** [India DPDP guide](/concepts/india-dpdp) | **SDK:** [Python DPDP](/sdk/python/dpdp) | **Credits:** 0 (free) Creates or retrieves a compliance session. Sessions track state across multiple API calls for a single user journey: consent state, child flags, events emitted, obligations fulfilled, and active timers. ```mermaid theme={null} flowchart LR Create["action: create
(purpose required)"] --> Sess(["session_id"]) Sess --> Emit["/emit events
mutate state + start timers"] Emit --> State["state: consent_status,
child_session, events_count,
open_timers, obligations"] State --> Get["action: get
read current state"] ``` ## Parameters `"create"` to start a new session or `"get"` to retrieve an existing one. Required for `"get"`. The session ID to retrieve. `"data_fiduciary"` or `"significant_data_fiduciary"`. SDFs have additional obligations under the DPDP Act (DPIA, DPO appointment, annual reporting). Required for `"create"`. Primary processing purpose (e.g., `"loan_advisory"`, `"healthcare"`). Industry sector (e.g., `"fintech"`, `"healthcare"`, `"ecommerce"`). Influences sector-specific guidance. Whether children's data may be processed. Enables S.9 checks from session start. Session time-to-live in hours. Minimum 1. ## Request: create ```bash theme={null} curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/dpdp/session \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_RAIL_API_KEY" \ -d '{ "action": "create", "config": { "entity_type": "data_fiduciary", "purpose": "loan_advisory", "sector": "fintech", "processes_children": true, "ttl_hours": 24 } }' ``` ## Request: get ```bash theme={null} curl -X POST https://api.responsibleailabs.ai/railscore/v1/compliance/dpdp/session \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_RAIL_API_KEY" \ -d '{ "action": "get", "session_id": "sess_abc123def456" }' ``` ## Response ```json theme={null} { "result": { "session_id": "sess_abc123def456", "created_at": "2026-05-14T08:00:00+00:00", "config": { "entity_type": "data_fiduciary", "purpose": "loan_advisory", "sector": "fintech", "processes_children": true }, "state": { "consent_status": {}, "notice_shown": false, "child_session": false, "events_count": 0, "open_timers": [], "fulfilled_obligations": [], "pending_obligations": [] } }, "credits_consumed": 0 } ``` Unique session identifier (prefixed with `sess_`). Use this in subsequent `/scan`, `/evaluate`, `/emit`, and `/require` calls. Session configuration as provided at creation. Current compliance state. Updated automatically by events emitted via [`/emit`](/api-reference/dpdp-emit). Per-purpose consent state. Keys are purpose names, values are `"active"`, `"withdrawn"`, or `"refused"`. Obligations completed in this session (e.g., `"notice_shown"`, `"consent_obtained"`, `"parental_consent_obtained"`). Active timer IDs associated with this session.