**Source URL:** https://general.veevavault.dev/integrations/guides/post-message.md

# Sending Session IDs with Post Message



A technology called `postMessage` is a secure method of sending data. There are several Vault configurations which may send data using `postMessage`. For more information about `postMessage`, you can visit [Mozilla’s documentation](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage).

<Aside type="tip">Post Message is considered best practice for sending Vault session IDs to external systems.</Aside>
When the **Post Session credentials via Post Message** checkbox is selected in a custom web tab, Vault sends the user’s session ID using `postMessage` rather than as a URL parameter. Learn more about [custom web tabs in Vault Help](https://platform.veevavault.help/en/gr/23516#web).

When the **Post Session Credentials via Form Data with Key "Session.id"** checkbox is selected when configuring an external URL call job, Vault sends the user’s session ID using `postMessage`. Learn more about [configuring external URL jobs in Vault Help](https://platform.veevavault.help/en/gr/22897#how_to_define_external_url_calljobs).

When these options are selected, you must adjust your application to receive information from `postMessage`:

<Steps>
1. Request the session ID from Vault by sending a “ready” message on the window load of the custom web tab or external URL.

2. Listen for a message event from Vault with the session ID. The postMessage happens after the initial page load, so your web application must listen for message events.

</Steps>
Vault will return JSON data with the session ID.

For example, using jQuery:

<CodeExample title="">
```
<script type="text/javascript">
  let sessionId = '';

  // 1. Request the session ID from Vault
  $(window).on('load', function() {
    var readyMessage = JSON.stringify({'message_id': 'ready', 'data': {}});
    window.parent.postMessage(readyMessage, '*');
  });

  // 2. Listen for a message event from Vault
  $(window).on('message', function(e) {
    var message = JSON.parse(e.originalEvent.data);
    if (message['message_id'] == 'session_id') {
      sessionId = message['data']['session_id'];
    }
  });

  // Use the sessionId variable in the integration header or body data
</script>

```
</CodeExample>
This example JSON output shows the session ID returned from Vault:

<CodeExample title="">
```
{"message_id":"session_id","data": {"session_id":"9DA3848FF39392020…"}}

```
</CodeExample>
Once you have the `session_id`, your web application can store it using cookies. You can also pass the data into a Vault API request.



---

**Previous:** [Guides](/integrations/guides)  
**Next:** [VeevaID](/integrations/veeva-id)