At present, auth hub apis works with userAccesToken/idToken. With SSO mode in place, there is another cookie “sspsession” , do we need to maintain these 2 things to call auth hub apis?
Is there any way we can maintain any one out of userAccessToken or sspsession cookie?

sspsession is used during AuthN to support desired SSO , userAccessToken is used for accessing self service APIs , so depending on what you are doing , one cannot replace the other .