Sessions API
List and revoke active login sessions for the authenticated user. Useful for security workflows and "sign out everywhere" functionality.
Authentication: session token only (Authorization: Bearer <session_token>). For session issuance (login, refresh, logout), see Authentication.
Endpoints
| Method | Path | Purpose |
|---|---|---|
GET | /v1/sessions | List the current user's active sessions |
DELETE | /v1/sessions | Revoke all sessions other than the current one |
DELETE | /v1/sessions/{session_id} | Revoke a specific session |
GET /v1/sessions
{
"current_session_id": "sess_01JF8RSE1A2B3C4D5E6F7G8H9I",
"sessions": [
{
"session_id": "sess_01JF8RSE1A2B3C4D5E6F7G8H9I",
"created_at": "2026-05-01T08:00:00Z",
"expires_at": "2026-05-08T08:00:00Z",
"last_active_at": "2026-05-01T11:42:00Z",
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_5)",
"is_current": true
},
{
"session_id": "sess_01JF8RSE2B3C4D5E6F7G8H9I0J",
"created_at": "2026-04-29T20:00:00Z",
"expires_at": "2026-05-06T20:00:00Z",
"last_active_at": "2026-05-01T07:15:00Z",
"ip_address": "198.51.100.7",
"user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 18_2)",
"is_current": false
}
]
}
DELETE /v1/sessions
Revoke every session except the current one. Useful for "sign out everywhere".
{ "message": "All other sessions revoked successfully." }
DELETE /v1/sessions/{session_id}
Revoke a specific session.
{ "message": "Session revoked successfully.", "session_id": "sess_01JF8RSE2B3C4D5E6F7G8H9I0J" }
If you revoke current_session_id, the response is returned and the next request will fail with 401 unauthenticated.
Errors
| HTTP | error.code | Cause |
|---|---|---|
401 | unauthenticated | Missing or invalid session token |
404 | not_found | Session not found or does not belong to the current user |
Next steps
- Issue, refresh, and revoke API keys → Authentication
- Manage users → Users API